Re: [users@httpd] Sending client's IP address to local proxied application server.
On Fri, Oct 30, 2020 at 9:04 PM Mike Diehl wrote: > > Well, I added this to the vhost definition: > > ProxyPreserveHost On > RemoteIPHeader X-Forwarded-For > > Now I'm getting the web server's outside IP address as the value of the > x-forwarded-for header. This is progress, but not quite what I need. I need > the original client's IP address before the request gets proxied to my > application server. > > Any other ideas? You need to tell the proxy itself to add the X-Forwarded-* headers, using ProxyAddHeaders ([1]). So your section could be something like: ProxyPass "http://127.0.0.1:8080/apps/; ProxyAddHeaders on Regards; Yann. [1] https://httpd.apache.org/docs/2.4/en/mod/mod_proxy.html#proxyaddheaders - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Sending client's IP address to local proxied application server.
Well, I added this to the vhost definition: ProxyPreserveHost On RemoteIPHeader X-Forwarded-For Now I'm getting the web server's outside IP address as the value of the x-forwarded-for header. This is progress, but not quite what I need. I need the original client's IP address before the request gets proxied to my application server. Any other ideas? Thanks in advance, Mike. On Fri, Oct 16, 2020 at 3:21 PM DICKEY Rob wrote: > ProxyPreserveHost On (it is set off by default) will preserve incoming > Host header. For IP, you could use a custom header using %{REMOTE_ADDR}as > the value. > > > > Best Regards, > > > > Rob DICKEY > > Americas R Technical Customer Support Senior Manager > > rob.dic...@3ds.com > > *3DS.COM* <http://www.3ds.com/> > > *DS Americas Corp.* | *523 W 6th Street | Los Angeles, CA 90014 | United > States * > > > > *From:* Mike Diehl > *Sent:* Friday, October 16, 2020 11:35 AM > *To:* users@httpd.apache.org > *Subject:* Re: [users@httpd] Sending client's IP address to local proxied > application server. > > > > *EXTERNAL EMAIL :* The sender of this email is external to 3DS. Be wary > of the content and do not open unexpected attachments or links. Original > email starts after the REPORT SPAM banner. > > > > *REPORT THIS EMAIL AS SPAM :* Click here > <https://spam-report.3ds.com/?link=%3ca%20href=%22https://www.mailcontrol.com/sr/-xGF7Es-olfGX2PQPOmvUgofk55GphrML9VyGxAFs3k33OuVtW-WqD8dLOhpeJg67wLZt6gch7BOzrnJmt4uGw==%22%3ehere%3c/a%3e> > (no login or additional action will be requested). > > > > Well, I changed my remoteip.conf file to contain: > > > > RemoteIPHeader X-Forwarded-For > RemoteIPInternalProxy 127.0.0.1 198.101.193.34 > > > > But that didn't change anything. > > > > Any other ideas? > > > > Mike. > > > > On Fri, Oct 16, 2020 at 2:23 PM Eric Covener wrote: > > > r...@example.com:/etc/apache2# cat > conf-enabled/remoteip.conf > > > > RemoteIPHeader X-Forwarded-For > > RemoteIPTrustedProxy 127.0.0.1 198.101.193.34 > > I think these need to be > > https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipinternalproxy > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > This email and any attachments are intended solely for the use of the > individual or entity to whom it is addressed and may be confidential and/or > privileged. > > If you are not one of the named recipients or have received this email in > error, > > (i) you should not read, disclose, or copy it, > > (ii) please notify sender of your receipt by reply email and delete this > email and all attachments, > > (iii) Dassault Systèmes does not accept or assume any liability or > responsibility for any use of or reliance on this email. > > Please be informed that your personal data are processed according to our > data privacy policy as described on our website. Should you have any > questions related to personal data protection, please contact 3DS Data > Protection Officer at 3ds.compliance-priv...@3ds.com > > > For other languages, go to https://www.3ds.com/terms/email-disclaimer >
RE: [users@httpd] Sending client's IP address to local proxied application server.
ProxyPreserveHost On (it is set off by default) will preserve incoming Host header. For IP, you could use a custom header using %{REMOTE_ADDR}as the value. Best Regards, Rob DICKEY Americas R Technical Customer Support Senior Manager rob.dic...@3ds.com <mailto:rob.dic...@3ds.com> 3DS.COM <http://www.3ds.com/> [cid:image002.png@01D6A3B6.D2A6F220] DS Americas Corp. | 523 W 6th Street | Los Angeles, CA 90014 | United States From: Mike Diehl Sent: Friday, October 16, 2020 11:35 AM To: users@httpd.apache.org Subject: Re: [users@httpd] Sending client's IP address to local proxied application server. EXTERNAL EMAIL : The sender of this email is external to 3DS. Be wary of the content and do not open unexpected attachments or links. Original email starts after the REPORT SPAM banner. REPORT THIS EMAIL AS SPAM : Click here<https://spam-report.3ds.com/?link=%3ca%20href=%22https://www.mailcontrol.com/sr/-xGF7Es-olfGX2PQPOmvUgofk55GphrML9VyGxAFs3k33OuVtW-WqD8dLOhpeJg67wLZt6gch7BOzrnJmt4uGw==%22%3ehere%3c/a%3e> (no login or additional action will be requested). Well, I changed my remoteip.conf file to contain: RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 127.0.0.1 198.101.193.34 But that didn't change anything. Any other ideas? Mike. On Fri, Oct 16, 2020 at 2:23 PM Eric Covener mailto:cove...@gmail.com>> wrote: > r...@example.com:/etc/apache2#<mailto:r...@example.com:/etc/apache2> cat > conf-enabled/remoteip.conf > > RemoteIPHeader X-Forwarded-For > RemoteIPTrustedProxy 127.0.0.1 198.101.193.34 I think these need to be https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipinternalproxy - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org<mailto:users-unsubscr...@httpd.apache.org> For additional commands, e-mail: users-h...@httpd.apache.org<mailto:users-h...@httpd.apache.org> This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. If you are not one of the named recipients or have received this email in error, (i) you should not read, disclose, or copy it, (ii) please notify sender of your receipt by reply email and delete this email and all attachments, (iii) Dassault Systèmes does not accept or assume any liability or responsibility for any use of or reliance on this email. Please be informed that your personal data are processed according to our data privacy policy as described on our website. Should you have any questions related to personal data protection, please contact 3DS Data Protection Officer at 3ds.compliance-priv...@3ds.com<mailto:3ds.compliance-priv...@3ds.com> For other languages, go to https://www.3ds.com/terms/email-disclaimer
Re: [users@httpd] Sending client's IP address to local proxied application server.
Well, I changed my remoteip.conf file to contain: RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 127.0.0.1 198.101.193.34 But that didn't change anything. Any other ideas? Mike. On Fri, Oct 16, 2020 at 2:23 PM Eric Covener wrote: > > r...@example.com:/etc/apache2# cat conf-enabled/remoteip.conf > > > > RemoteIPHeader X-Forwarded-For > > RemoteIPTrustedProxy 127.0.0.1 198.101.193.34 > > I think these need to be > > https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipinternalproxy > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Sending client's IP address to local proxied application server.
> r...@example.com:/etc/apache2# cat conf-enabled/remoteip.conf > > RemoteIPHeader X-Forwarded-For > RemoteIPTrustedProxy 127.0.0.1 198.101.193.34 I think these need to be https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipinternalproxy - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Sending client's IP address to local proxied application server.
Hi all, I've got an application server, written in Perl Dancer2, that needs to get access to the client's actual IP address. But instead, it's getting the IP address of the apache server. Both the Apache and application server are running on the same hardware. Here is how I have the vhost defined: (sanitized) SSLEngine on SSLCertificateFile /etc/ssl/www.example.com/WWW.EXAMPLE.COM.crt SSLCertificateKeyFile /etc/ssl/www.example.com/server.key SSLCertificateChainFile /etc/ssl/ www.example.com/OV_NetworkSolutionsOVServerCA2.crt ServerAdmin webmaster@localhost ServerName example.com ServerAlias www.example.com *.example.com DocumentRoot /web/hw/ DirectoryIndex index.cfm ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ProxyPass "http://127.0.0.1:8080/apps/; I have mod_remoteid installed and configured: r...@example.com:/etc/apache2# cat conf-enabled/remoteip.conf RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 127.0.0.1 198.101.193.34 But when I access a URL that runs on the app server, the app server gets 127.0.0.1 as the client's address. Looking at the HTTP headers doesn't yield the correct results, either: accept -> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 accept-encoding -> gzip, deflate, br accept-language -> en-US,en;q=0.5 connection -> Keep-Alive host -> 127.0.0.1:8080 upgrade-insecure-requests -> 1 user-agent -> Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0 x-forwarded-for -> 198.101.193.34 x-forwarded-host -> www.example.com x-forwarded-server -> example.com The value of the x-forwarded-for header is the outside interface on the Apache server, NOT the client's address. What have I done wrong? Thanks in advance, Mike.