On Fri, 4 Aug 2006, John ORourke wrote:
Jonathan Vanasco wrote:
my mp2 needs to get the ip of the remote address
on some installations, mp2 is on port 80
on other installations, mp2 is on 80xx and the ip is in X-Forwarded-For
You could re-write the remote IP at an early stage - add a PerlFixupHandler
or PerlTransHandler which goes something like (assuming its IPv4!):
sub handler { my $r=shift;
if($r->headers_in->{'X-Forwarded-For'} =~/(\d+\.\d+\.\d+\.\d+)/){
$r->remote_ip($1);
}
return DECLINED; # let other handlers run too
}
Remember your proxy might be just be adding to an existing x-forwarded-for
header if the user already came from a proxy, so adjust the regex to pick the
right IP - it's probably the first one in a comma separated list if all the
proxies are well behaved but remember it's a non-standard header.
Here's a snippet of code that I've used to do that:
my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
my $ReIpAddr =
qr{^$ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum$};
my $host = $r->headers_in->get('X-Forwarded-For') ||
$r->connection->remote_ip;
if ($host =~ /,/) {
my @a = split /\s*,\s*/, $host;
for my $i (0 .. $#a) {
if ($a[$i] =~ /$ReIpAddr/
and $a[$i] ne '127.0.0.1') {
$host = $a[$i];
last;
}
}
$host = '127.0.0.1' if $host =~ /,/;
}
Note that in Apache/2 X-Forwarded-For is added within
mod_proxy_http:
http://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
which thus must be enabled.
--
best regards,
Randy Kobes
