https://issues.apache.org/bugzilla/show_bug.cgi?id=55635
--- Comment #1 from Mike Rumph <[email protected]> --- Hello Ivan, Thanks for reporting this. I have been trying to replicate your setup, but I am getting different results. I am using httpd trunk on a Linux system. Perhaps you are running a different version of httpd? I've made a few changes that should still be equivalent. 1) I changed the LogFormat as follows to make the log entries a little easier for me to read: LogFormat "%h %a %{c}a xf=\"%{X-Forwarded-For}i\" %l %u %t \"%m\" \"%r&\" \"%q&\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" pid=%{pid}P tid=%{tid}P time_ms=%D" combined 2) I am using curl instead of Apache HTTP Client similar to the following: curl -v -H "X-Forwarded-For: 1.1.1.2, 1.1.1.1, 87.245.198.54, 87.250.250.203" http://srv2-x64rh6-01:1280/test/1.xml 3) I changed the value of RemoteIPInternalProxy to match my own client server. (which is also a private network IP like yours) 4) The rest of the addresses are exactly the same as yours. The result I am getting is equivalent to the following changes to your results: access_log.2013.10.07: ivoronin.net.billing.ru 1.1.1.2 172.20.106.70 xf="-" - - [07/Oct/2013:12:44:00 +0400] "GET" "GET /test/1.xml HTTP/1.1&" "&" 403 212 "-" "Apache-HttpClient/4.1.2 (java 1.5)" pid=27844 tid=140346537215744 time_ms=3111 In other words, the client IP is changed to the first IP address in the X-Forwarded-For list and the X-Forwarded-For header is cleared. If I change the Allow to "Allow from localhost 127.0.0.1 1.1.1.2", I get the following equivalent result: access_log.2013.10.07: ivoronin.net.billing.ru 1.1.1.2 172.20.106.70 xf="1.1.1.2" - - [07/Oct/2013:12:44:00 +0400] "GET" "GET /test/1.xml HTTP/1.1&" "&" 403 212 "-" "Apache-HttpClient/4.1.2 (java 1.5)" pid=27844 tid=140346537215744 time_ms=3111 Take care, Mike Rumph -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
