Thanks for the clarification.  Originally, I couldn't see how this would 
impact me, but I just realized that indeed it does affect me somewhat.

FYI, there is a Tomcat Valve & Filter port of Apache's mod_remoteip module, 
which is supposed to replace the IPs and schemes/etc that Tomcat sees for 
instances behind load balancers and proxies.

http://code.google.com/p/xebia-france/wiki/RemoteIpValve

Thanks,

Eric



"Jean-Pierre van Melis" <[email protected]> wrote 
in message news:[email protected]...
Your backends receive all their info from your proxy and see your proxy as 
the original sender.
Luckily there's something like a forwarded-for header which is inserted by 
pound.
You need to modify your backend so it will not show the IP where it's coming 
from, but this header which is inserted by pound.

If, for instance, you have a simple application running on your webserver 
which does something with the sender IP, this application needs to use this 
forwarded-for header instead of the normal header. You may say, easy 
enough.... modify that too..  But this website may be owned by a third party 
which had its website developed and running on another server and all of a 
sudden things don't work as expected anymore after it moved to this backend 
which is behind pound.

All this is not necessary. With TPROXY pound can be made into a true 
transparent proxy. Although the HTTP traffic travels through the proxy, it 
is delivered to the backends in IP packets which have the original IP in 
them. The backend will think the traffic is coming from the Internet instead 
of the proxy.

For this to work it needs to work together with the gateway. If the backend 
thinks that HTTP data is coming from the Internet it will answer to that 
address as well. It will give this data to the gateway and tell it to send 
it to the Internet. The gateway knows that in fact it shouldn't do this but 
should send it to the proxy instead, which will send that packet to the 
gateway again. This time the gateway knows it should really send it to the 
Internet and now the HTTP request has been answered...

For all this to work we need a modified pound and a mechanism on the gateway 
which facilitates this.


-----Original message-----
From: news [mailto:[email protected]] On behalf of Eric 
B.
Sent: Tuesday, 20 October 2009 5:33
To: [email protected]
Subject: Re: [Pound Mailing List] TPROXY

Hi,

I'm a bit confused by your statement.  Can you explain what you mean by you
need to configure the backends so they are listening to a proxy and not the
real client?

I'm using Pound as a proxy in front of a Tomcat server, and I have made no
changes to the Tomcat configuration (except the logging) to account for
Pound.  Do I need to do something additional?

Thanks,

Eric


"Jean-Pierre van Melis" <[email protected]> wrote
in message 
news:[email protected]...
Is there some chance this TPROXY can get in the main code?
Having a transparent proxy makes it so much more powerful...
I'm sure it can be made so it's not getting in the way of those using a classic
proxy.

I'm running pound on my router which is also the gateway of my network and
having a transparent proxy means I do not have to change the logging of my
webserver.
Even if you changed the logging.. it still isn't the same as all the
backends need to be made aware they are in fact listening to a proxy and not
to the real client....



--
To unsubscribe send an email with subject unsubscribe to
[email protected].
Please contact [email protected] for questions.
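
The forwarded-for handling discussed in this thread, as an added example that is not part of the original messages and is not code from Pound or RemoteIpValve: a backend should believe the header only when the connection really comes from its own proxy. The header name X-Forwarded-For, the append-per-hop behaviour, and the proxy network 10.0.0.0/24 are assumptions made for illustration.

```python
import ipaddress

# Assumption: networks of proxies allowed to set X-Forwarded-For (constructed values).
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/24"),
    ipaddress.ip_network("127.0.0.1/32"),
]


def _is_trusted(addr):
    """True if addr belongs to one of our own proxies."""
    return any(addr in net for net in TRUSTED_PROXIES if net.version == addr.version)


def resolve_client_ip(peer_addr, xff_values):
    """Return the client IP a backend should log or make decisions on.

    peer_addr  -- source address of the TCP connection (normally the proxy)
    xff_values -- list of raw X-Forwarded-For header values, in received order
    """
    peer = ipaddress.ip_address(peer_addr)
    # Connection did not come through our proxy: ignore the header entirely,
    # otherwise any client could claim an arbitrary source address.
    if not _is_trusted(peer):
        return str(peer)

    # Flatten repeated headers and comma-separated lists into one hop chain.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]

    client = peer
    # Walk from the hop nearest to us towards the client and stop at the
    # first address that is not one of our own proxies. Entries further
    # left were supplied by the client and cannot be verified.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        client = addr
        if not _is_trusted(addr):
            break
    return str(client)
```

With TPROXY, as described in the thread, the backend sees the original address on the socket itself and none of this header handling is needed.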



