Re: [users@httpd] Sending client's IP address to local proxied application server.
On Fri, Oct 30, 2020 at 9:04 PM Mike Diehl wrote: > > Well, I added this to the vhost definition: > > ProxyPreserveHost On > RemoteIPHeader X-Forwarded-For > > Now I'm getting the web server's outside IP address as the value of the > x-forwarded-for header. This is progress, but not quite what I need. I need > the original client's IP address before the request gets proxied to my > application server. > > Any other ideas? You need to tell the proxy itself to add the X-Forwarded-* headers, using ProxyAddHeaders ([1]). So your section could be something like: ProxyPass "http://127.0.0.1:8080/apps/; ProxyAddHeaders on Regards; Yann. [1] https://httpd.apache.org/docs/2.4/en/mod/mod_proxy.html#proxyaddheaders - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Sending client's IP address to local proxied application server.
Well, I added this to the vhost definition:
ProxyPreserveHost On
RemoteIPHeader X-Forwarded-For
Now I'm getting the web server's outside IP address as the value of the
x-forwarded-for header. This is progress, but not quite what I need. I
need the original client's IP address before the request gets proxied to my
application server.
Any other ideas?
Thanks in advance,
Mike.
On Fri, Oct 16, 2020 at 3:21 PM DICKEY Rob wrote:
> ProxyPreserveHost On (it is set off by default) will preserve incoming
> Host header. For IP, you could use a custom header using %{REMOTE_ADDR}as
> the value.
>
>
>
> Best Regards,
>
>
>
> Rob DICKEY
>
> Americas R Technical Customer Support Senior Manager
>
> rob.dic...@3ds.com
>
> *3DS.COM* <http://www.3ds.com/>
>
> *DS Americas Corp.* | *523 W 6th Street | Los Angeles, CA 90014 | United
> States *
>
>
>
> *From:* Mike Diehl
> *Sent:* Friday, October 16, 2020 11:35 AM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Sending client's IP address to local proxied
> application server.
>
>
>
> *EXTERNAL EMAIL :* The sender of this email is external to 3DS. Be wary
> of the content and do not open unexpected attachments or links. Original
> email starts after the REPORT SPAM banner.
>
>
>
> *REPORT THIS EMAIL AS SPAM :* Click here
> <https://spam-report.3ds.com/?link=%3ca%20href=%22https://www.mailcontrol.com/sr/-xGF7Es-olfGX2PQPOmvUgofk55GphrML9VyGxAFs3k33OuVtW-WqD8dLOhpeJg67wLZt6gch7BOzrnJmt4uGw==%22%3ehere%3c/a%3e>
> (no login or additional action will be requested).
>
>
>
> Well, I changed my remoteip.conf file to contain:
>
>
>
> RemoteIPHeader X-Forwarded-For
> RemoteIPInternalProxy 127.0.0.1 198.101.193.34
>
>
>
> But that didn't change anything.
>
>
>
> Any other ideas?
>
>
>
> Mike.
>
>
>
> On Fri, Oct 16, 2020 at 2:23 PM Eric Covener wrote:
>
> > r...@example.com:/etc/apache2# cat
> conf-enabled/remoteip.conf
> >
> > RemoteIPHeader X-Forwarded-For
> > RemoteIPTrustedProxy 127.0.0.1 198.101.193.34
>
> I think these need to be
>
> https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipinternalproxy
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
> This email and any attachments are intended solely for the use of the
> individual or entity to whom it is addressed and may be confidential and/or
> privileged.
>
> If you are not one of the named recipients or have received this email in
> error,
>
> (i) you should not read, disclose, or copy it,
>
> (ii) please notify sender of your receipt by reply email and delete this
> email and all attachments,
>
> (iii) Dassault Systèmes does not accept or assume any liability or
> responsibility for any use of or reliance on this email.
>
> Please be informed that your personal data are processed according to our
> data privacy policy as described on our website. Should you have any
> questions related to personal data protection, please contact 3DS Data
> Protection Officer at 3ds.compliance-priv...@3ds.com
>
>
> For other languages, go to https://www.3ds.com/terms/email-disclaimer
>
RE: [users@httpd] Sending client's IP address to local proxied application server.
ProxyPreserveHost On (it is set off by default) will preserve incoming Host
header. For IP, you could use a custom header using %{REMOTE_ADDR}as the value.
Best Regards,
Rob DICKEY
Americas R Technical Customer Support Senior Manager
rob.dic...@3ds.com <mailto:rob.dic...@3ds.com>
3DS.COM <http://www.3ds.com/>
[cid:image002.png@01D6A3B6.D2A6F220]
DS Americas Corp. | 523 W 6th Street | Los Angeles, CA 90014 | United States
From: Mike Diehl
Sent: Friday, October 16, 2020 11:35 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Sending client's IP address to local proxied
application server.
EXTERNAL EMAIL : The sender of this email is external to 3DS. Be wary of the
content and do not open unexpected attachments or links. Original email starts
after the REPORT SPAM banner.
REPORT THIS EMAIL AS SPAM : Click
here<https://spam-report.3ds.com/?link=%3ca%20href=%22https://www.mailcontrol.com/sr/-xGF7Es-olfGX2PQPOmvUgofk55GphrML9VyGxAFs3k33OuVtW-WqD8dLOhpeJg67wLZt6gch7BOzrnJmt4uGw==%22%3ehere%3c/a%3e>
(no login or additional action will be requested).
Well, I changed my remoteip.conf file to contain:
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1 198.101.193.34
But that didn't change anything.
Any other ideas?
Mike.
On Fri, Oct 16, 2020 at 2:23 PM Eric Covener
mailto:cove...@gmail.com>> wrote:
> r...@example.com:/etc/apache2#<mailto:r...@example.com:/etc/apache2> cat
> conf-enabled/remoteip.conf
>
> RemoteIPHeader X-Forwarded-For
> RemoteIPTrustedProxy 127.0.0.1 198.101.193.34
I think these need to be
https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipinternalproxy
-
To unsubscribe, e-mail:
users-unsubscr...@httpd.apache.org<mailto:users-unsubscr...@httpd.apache.org>
For additional commands, e-mail:
users-h...@httpd.apache.org<mailto:users-h...@httpd.apache.org>
This email and any attachments are intended solely for the use of the
individual or entity to whom it is addressed and may be confidential and/or
privileged.
If you are not one of the named recipients or have received this email in error,
(i) you should not read, disclose, or copy it,
(ii) please notify sender of your receipt by reply email and delete this email
and all attachments,
(iii) Dassault Systèmes does not accept or assume any liability or
responsibility for any use of or reliance on this email.
Please be informed that your personal data are processed according to our data
privacy policy as described on our website. Should you have any questions
related to personal data protection, please contact 3DS Data Protection Officer
at 3ds.compliance-priv...@3ds.com<mailto:3ds.compliance-priv...@3ds.com>
For other languages, go to https://www.3ds.com/terms/email-disclaimer
Re: [users@httpd] Sending client's IP address to local proxied application server.
Well, I changed my remoteip.conf file to contain: RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 127.0.0.1 198.101.193.34 But that didn't change anything. Any other ideas? Mike. On Fri, Oct 16, 2020 at 2:23 PM Eric Covener wrote: > > r...@example.com:/etc/apache2# cat conf-enabled/remoteip.conf > > > > RemoteIPHeader X-Forwarded-For > > RemoteIPTrustedProxy 127.0.0.1 198.101.193.34 > > I think these need to be > > https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipinternalproxy > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Sending client's IP address to local proxied application server.
> r...@example.com:/etc/apache2# cat conf-enabled/remoteip.conf > > RemoteIPHeader X-Forwarded-For > RemoteIPTrustedProxy 127.0.0.1 198.101.193.34 I think these need to be https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipinternalproxy - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Sending client's IP address to local proxied application server.
Hi all,
I've got an application server, written in Perl Dancer2, that needs to get
access to the client's actual IP address. But instead, it's getting the IP
address of the apache server.
Both the Apache and application server are running on the same hardware.
Here is how I have the vhost defined: (sanitized)
SSLEngine on
SSLCertificateFile /etc/ssl/www.example.com/WWW.EXAMPLE.COM.crt
SSLCertificateKeyFile /etc/ssl/www.example.com/server.key
SSLCertificateChainFile /etc/ssl/
www.example.com/OV_NetworkSolutionsOVServerCA2.crt
ServerAdmin webmaster@localhost
ServerName example.com
ServerAlias www.example.com *.example.com
DocumentRoot /web/hw/
DirectoryIndex index.cfm
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass "http://127.0.0.1:8080/apps/;
I have mod_remoteid installed and configured:
r...@example.com:/etc/apache2# cat conf-enabled/remoteip.conf
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1 198.101.193.34
But when I access a URL that runs on the app server, the app server gets
127.0.0.1 as the client's address.
Looking at the HTTP headers doesn't yield the correct results, either:
accept ->
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
accept-encoding -> gzip, deflate, br
accept-language -> en-US,en;q=0.5
connection -> Keep-Alive
host -> 127.0.0.1:8080
upgrade-insecure-requests -> 1
user-agent -> Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0)
Gecko/20100101 Firefox/81.0
x-forwarded-for -> 198.101.193.34
x-forwarded-host -> www.example.com
x-forwarded-server -> example.com
The value of the x-forwarded-for header is the outside interface on the
Apache server, NOT the client's address.
What have I done wrong?
Thanks in advance,
Mike.
