https://issues.apache.org/bugzilla/show_bug.cgi?id=55635
Bug ID: 55635
Summary: mod_remoteip remove first not trusted IP from
RemoteIPHeader
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_remoteip
Assignee: [email protected]
Reporter: [email protected]
mod_remoteip remove first not trusted IP(Client IP) from RemoteIPHeader
httpd.conf
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 172.20.106.70
RemoteIPTrustedProxy 87.250.250.203
LogFormat "%h %a %{c}a %{X-Forwarded-For}i %l %u %t \"%m\" \"%r&\" \"%q&\" %>s
%b \"%{Referer}i\" \"%{User-Agent}i\" pid=%{pid}P tid=%{tid}P time_ms=%D"
combined
CustomLog
"|/import/home/ivan.voronin/tmp/tmp/apache_project/distrib/apache2/bin/rotatelogs
logs/access_log.%Y.%m.%d 86400" combined
<Location /test>
Order Deny,Allow
Deny from all
Allow from localhost 127.0.0.1 1.1.1.1
</Location>
GET http://srv2-x64rh6-01:1280/test/1.xml
[no cookies]
Request Headers:
Connection: keep-alive
X-Forwarded-For: 1.1.1.2, 1.1.1.1, 87.245.198.54, 87.250.250.203
Accept: */*
Host: srv2-x64rh6-01:1280
User-Agent: Apache-HttpClient/4.1.2 (java 1.5)
access_log.2013.10.07:
ivoronin.net.billing.ru 87.245.198.54 172.20.106.70 1.1.1.2, 1.1.1.1 - -
[07/Oct/2013:12:44:00 +0400] "GET" "GET /test/1.xml HTTP/1.1&" "&" 403 212 "-"
"Apache-HttpClient/4.1.2 (java 1.5)" pid=27844 tid=140346537215744 time_ms=3111
As you can see, mod_remoteip removed 87.245.198.54 from X-Forwarded-For
(RemoteIPHeader).
This is not the behavior as documented because 87.245.198.54 is not configured
to be "trusted".
So, it's not possible to pass correct Client IP to backend if the mod_remoteip
is used.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
