Re: problem with forwardfor option

Thu, 22 Jan 2009 10:27:36 -0800 

Hey,
I think I may know what the problem is, but I am having a hard time finding docs on the matter and thus turning here :). On the mod_rpaf page it says: 


"It changes the remote address of the client visible to other Apache  
modules when two conditions are satisfied. First condition is that the  
remote client is actually a proxy that is defined in httpd.conf.  
Secondly if there is an incoming X-Forwarded-For header and the proxy  
is in it's list of known proxies it takes the last IP from the  
incoming X-Forwarded-For header and changes the remote address of the  
client in the request structure. It also takes the incoming X-Host  
header and updates the virtualhost settings accordingly. For Apache2  
mod_proxy it takes the X-Forwared-Host header and updates the  
virtualhosts."



So one of the conditions is that the haproxy (ip) has to be listed in  
the httpd.conf as a valid proxy.  I don't have that and I am not sure  
how to specify that.  I have been scouring the web with no luck, can  
some kind soul please throw me a pointer as to where I can find out  
this info. :)


Thanks!
ttyl
Dima



On 21-Jan-09, at 5:03 PM, Patrick Viet wrote:


On Wed, Jan 21, 2009 at 11:40 PM, Dima Brodsky <[email protected]> wrote:

I am telling mod_rpaf to look at both the local and the assigned  
IP.  I am
also seeing it being re-writtent about 50% of the time, but a lot  
of the

times I still see the poxy's IP.  Question, this setup is running on

Amazon's EC2 ... does anybody know if there is any sort of special  
config

that needs to be done?  In the http logs I am printing %h and
%{X-Forwarded-For}i


Hi,

OK I get it now. You are *NOT* supposed to get a X-Forwarded-for the
second time : you actually do not get it ! Just ignore the existence
of it in your apache config. Log with normal log parameters...
mod_rpaf replaces remote ip (%h) variable for apache and whatever is
running in it (mod_php and so on).


Yes, mod_rpaf is at the end of the module list, should it be closer  
to the

top?  I am new to apache config, so I gather modules are processed in
reverse order they are listed in the config file?


Yes.

--
Patrick Viet





--
[email protected]                               http://www.cs.ubc.ca/~dima

"The price of reliability is the pursuit of the utmost simplicity.
It is a price which the very rich find the most hard to pay."

                                                                     
(Sir Antony Hoare, 1980)
































					Reply via email to