Hmmm ... But what I am seeing in the logs is the following:
without mod_rpaf in the logs I see:
%{X-Forwarded-For}i == 'client ip'
%h == 'proxy ip'
and with keep-live I see:
%{X-Forwarded-For}i == empty
%h == 'proxy ip'
with mod_rpaf I see:
%{X-Forwarded-For}i == 'client ip'
%h == 'client ip'
and with keep-live I see:
%{X-Forwarded-For}i == empty
%h == 'proxy ip'
so even with mod_rpaf I still see the proxy ip with %h when keep-alive
is used, and my application see the proxy ip :(
On 21-Jan-09, at 5:03 PM, Patrick Viet wrote:
On Wed, Jan 21, 2009 at 11:40 PM, Dima Brodsky <[email protected]> wrote:
I am telling mod_rpaf to look at both the local and the assigned
IP. I am
also seeing it being re-writtent about 50% of the time, but a lot
of the
times I still see the poxy's IP. Question, this setup is running on
Amazon's EC2 ... does anybody know if there is any sort of special
config
that needs to be done? In the http logs I am printing %h and
%{X-Forwarded-For}i
Hi,
OK I get it now. You are *NOT* supposed to get a X-Forwarded-for the
second time : you actually do not get it ! Just ignore the existence
of it in your apache config. Log with normal log parameters...
mod_rpaf replaces remote ip (%h) variable for apache and whatever is
running in it (mod_php and so on).
Yes, mod_rpaf is at the end of the module list, should it be closer
to the
top? I am new to apache config, so I gather modules are processed in
reverse order they are listed in the config file?
Yes.
--
Patrick Viet
--
[email protected] http://www.cs.ubc.ca/~dima
"The price of reliability is the pursuit of the utmost simplicity.
It is a price which the very rich find the most hard to pay."
(Sir Antony Hoare, 1980)
