[users@httpd] conditional client certificate verification

We are about to introduce client certificates for (optional) authentication. ... SSLOptions +StdEnvVars +ExportCertData SSLCACertificateFile conf/ssl.crt/ca.crt SSLVerifyClient optional SSLVerifyDepth 4 ... Unfortunately Safari@mac has problems (apparently a bug) connecting to Apache

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

Mike, On 10/1/14 5:40 PM, Mike Rumph wrote: What version of Apache httpd are you running? Thanks for the reply. We are running 2.4 and 2.2 on various servers, but I'm starting with this one: Server version: Apache/2.4.10 (Amazon) Server built: Jul 30 2014 23:57:28 This is the httpd package

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

Hello Christopher, Since you are running 2.4.10, you have the latest mod_remoteip fixes. But I think the problem is in the directives that you are using: RemoteIPHeader X-Forwarded-For #RemoteIPTrustedProxy 10.0.0.0/8 If you only use the RemoteIPHeader directive, then the default is

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, On 10/2/14 12:04 PM, Mike Rumph wrote: Since you are running 2.4.10, you have the latest mod_remoteip fixes. But I think the problem is in the directives that you are using: RemoteIPHeader X-Forwarded-For #RemoteIPTrustedProxy

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, On 10/2/14 12:37 PM, Christopher Schultz wrote: With my above configuration, I got a line in my (your) access log that looks like this: 10.32.219.77 71.178.180.80 10.32.219.77 xf=- - - [02/Oct/2014:16:33:39 +] GET GET

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

Hello Christopher, It just occurred to me that you might be referring to the first field (%h) in your log records. This is going to be the remote hostname. So this is showing the IP address of your immediate proxy. If you want to see the true original client IP address (as calculated by

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, On 10/2/14 1:18 PM, Mike Rumph wrote: It just occurred to me that you might be referring to the first field (%h) in your log records. Precisely. This is going to be the remote hostname. So this is showing the IP address of your

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, On 10/2/14 1:18 PM, Mike Rumph wrote: It just occurred to me that you might be referring to the first field (%h) in your log records. This is going to be the remote hostname. So this is showing the IP address of your immediate proxy. If

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

On 10/2/2014 11:07 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, Okay, using %a works when using mod_remoteip. AWS Linux uses %h by default for its httpd.conf definition of combined log format, so I've changed that and I'm getting the logging I desire.

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, On 10/2/14 2:27 PM, Mike Rumph wrote: On 10/2/2014 11:07 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, Okay, using %a works when using mod_remoteip. AWS Linux uses %h by default for its

[users@httpd] Can a server be a member of more than one balancer group?

I have a situation where I may have to do some context-dependent balancer routing. I presently have a global balancer which can load-balance to any of the target servers: Proxy balancer://global # IP addresses have been changed to protect the innocent BalancerMember ajp://10.0.1.10:8009