We are about to introduce client certificates for (optional) authentication.
...
SSLOptions +StdEnvVars +ExportCertData
SSLCACertificateFile conf/ssl.crt/ca.crt SSLVerifyClient optional
SSLVerifyDepth 4 ...
Unfortunately Safari@mac has problems (apparently a bug) connecting to Apache
Mike,
On 10/1/14 5:40 PM, Mike Rumph wrote:
What version of Apache httpd are you running?
Thanks for the reply. We are running 2.4 and 2.2 on various servers, but
I'm starting with this one:
Server version: Apache/2.4.10 (Amazon)
Server built: Jul 30 2014 23:57:28
This is the httpd package
Hello Christopher,
Since you are running 2.4.10, you have the latest mod_remoteip fixes.
But I think the problem is in the directives that you are using:
RemoteIPHeader X-Forwarded-For
#RemoteIPTrustedProxy 10.0.0.0/8
If you only use the RemoteIPHeader directive, then the default is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mike,
On 10/2/14 12:04 PM, Mike Rumph wrote:
Since you are running 2.4.10, you have the latest mod_remoteip
fixes. But I think the problem is in the directives that you are
using:
RemoteIPHeader X-Forwarded-For #RemoteIPTrustedProxy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mike,
On 10/2/14 12:37 PM, Christopher Schultz wrote:
With my above configuration, I got a line in my (your) access log
that looks like this:
10.32.219.77 71.178.180.80 10.32.219.77 xf=- - -
[02/Oct/2014:16:33:39 +] GET GET
Hello Christopher,
It just occurred to me that you might be referring to the first field
(%h) in your log records.
This is going to be the remote hostname.
So this is showing the IP address of your immediate proxy.
If you want to see the true original client IP address (as calculated by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mike,
On 10/2/14 1:18 PM, Mike Rumph wrote:
It just occurred to me that you might be referring to the first
field (%h) in your log records.
Precisely.
This is going to be the remote hostname. So this is showing the IP
address of your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mike,
On 10/2/14 1:18 PM, Mike Rumph wrote:
It just occurred to me that you might be referring to the first
field (%h) in your log records. This is going to be the remote
hostname. So this is showing the IP address of your immediate
proxy. If
On 10/2/2014 11:07 AM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mike,
Okay, using %a works when using mod_remoteip. AWS Linux uses %h by
default for its httpd.conf definition of combined log format, so
I've changed that and I'm getting the logging I desire.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mike,
On 10/2/14 2:27 PM, Mike Rumph wrote:
On 10/2/2014 11:07 AM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256
Mike,
Okay, using %a works when using mod_remoteip. AWS Linux uses %h
by default for its
I have a situation where I may have to do some context-dependent
balancer routing.
I presently have a global balancer which can load-balance to any of the
target servers:
Proxy balancer://global
# IP addresses have been changed to protect the innocent
BalancerMember ajp://10.0.1.10:8009
11 matches
Mail list logo