https://bz.apache.org/bugzilla/show_bug.cgi?id=66678

            Bug ID: 66678
           Summary: Apache2 RemoteIP module should NOT return 0.0.0.0 as
                    valid Remote IP when "RemoteIPHeader X-Forwarded-For"
                    is set
           Product: Apache httpd-2
           Version: 2.4.52
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_remoteip
          Assignee: bugs@httpd.apache.org
          Reporter: sha...@drikpanchang.com
  Target Milestone: ---

The Apache2 log confirms that the RemoteIP module considers 0.0.0.0 a valid
client IP for the Remote IP address.

Apache2 is running behind the Google HTTPS Proxy. The Apache RemoteIP module is
enabled, which seems to work fine. Some requests are flagged in PHP code when
the Remote IP is 0.0.0.0. After investigation, it is guessed that for some
requests the X-Forwarded-For IP list might have 0.0.0.0. The Apache log prints:

LogFormat "%V:%p|%a|%{c}a|%{remoteip-proxy-ip-list}n|%{X-Forwarded-For}i|
%a is 0.0.0.0
%{c}a is 35.191.14.79
%{remoteip-proxy-ip-list}n is 35.191.14.79, 34.36.172.235, 193.1.150.232
%{X-Forwarded-For}i remains empty
It can happen only when X-Forwarded-For is set to 0.0.0.0, 193.1.150.232,
34.36.172.235, 35.191.14.79

193.1.150.232 looks like a private address, and RemoteIP should stop parsing
before it and set the remote IP to 34.36.172.235 and not 0.0.0.0.
Even if 193.1.150.232 is a public address, it should be considered the RemoteIP
and not 0.0.0.0.

I have also created a post on Stack Overflow:
https://stackoverflow.com/questions/76622469/apache2-remoteip-module-returns-0-0-0-0-when-remoteipheader-x-forwarded-for-is-s
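
Added example, not part of the original report and not mod_remoteip's code: a simplified Python model of the documented right-to-left X-Forwarded-For walk, reproducing the logged values and showing the effect of refusing the unspecified address. Assumptions: the header is the reporter's inferred list without its last entry (the connecting peer itself), every address in the logged proxy list is trusted, and reject_unspecified is a hypothetical guard, not a module option.

```python
import ipaddress

# Constructed from the values in the report. TRUSTED is an assumption: every
# address that ended up in remoteip-proxy-ip-list was treated as a proxy.
PEER = "35.191.14.79"                               # %{c}a in the log
XFF = "0.0.0.0, 193.1.150.232, 34.36.172.235"       # assumed header value
TRUSTED = {"35.191.14.79", "34.36.172.235", "193.1.150.232"}


def walk(peer, xff, trusted, reject_unspecified=False):
    """Simplified right-to-left walk over X-Forwarded-For.

    Returns (client_ip, proxy_ip_list, remaining_header). The walk continues
    only while the current address is trusted to present the one before it.
    """
    tokens = [t.strip() for t in xff.split(",") if t.strip()]
    client, proxies = peer, []
    while tokens and client in trusted:
        candidate = tokens[-1]
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            break  # unparsable entry: keep the last confirmed address
        if reject_unspecified and addr.is_unspecified:
            break  # hypothetical guard: 0.0.0.0 / :: is never a real client
        tokens.pop()
        proxies.append(client)   # the address we trusted becomes a proxy hop
        client = candidate       # the entry it presented becomes the client
    return client, proxies, ", ".join(tokens)


if __name__ == "__main__":
    for guard in (False, True):
        client, proxies, rest = walk(PEER, XFF, TRUSTED, reject_unspecified=guard)
        print(f"guard={guard}: %a={client} proxy-ip-list={proxies} header={rest!r}")
```

Without the guard the model yields the logged state (client 0.0.0.0, three proxies, empty header); with it the walk stops at 193.1.150.232 and leaves 0.0.0.0 in the header as unconfirmed.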
