On Fri, Apr 09, 2010 at 12:42:41AM +0300, Toni Mattila wrote: > Hi Willy, > > >Since you're using HTTP, it's a real waste of simplicity and performance > >to try to work in transparent mode. You'd better work in a normal proxy > >mode and configure your web server to report the client's IP address in > >the logs instead of relying on haproxy and your kernel to spoof the client. > > The reason I'm pursuing this transparent route is that I haven't found a > real clean patch for Apache that would report X-Forwarded-For also > reliably to CGI's REMOTE_ADDR env-variable and to .htaccess deny/allow > lines. So you wouldn't have to modify existing scripts / .htaccesses to > know about the reverse proxy. > > If there's a good patch for Apache 2.x that supports that I'd be more > than happy to use that instead of this bit kludgy way.
in my opinion, mod_rpaf does all that, unless I missed something. Regards, Willy
