Bug#807120: Deprecate mod_rpaf, transition to mod_remoteip

2016-02-12 Thread Konstantin Pavlov
The problem with mod_remoteip is that it is currently (first reported in
2013 [1]) broken in a setup where Apache 2.4 is used behind a reverse
proxy.  The remoteip module changes the client IP address (%a) but does not
change the host name (%h or REMOTE_HOST passed to other modules,
resolved via HostNameLookups On/Double).

apache2 2.4.10-10+deb8u4 and libapache2-mod-rpaf=0.6-13 do not suffer
from that problem.

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=55348

-- 
Konstantin Pavlov



Bug#807120: Deprecate mod_rpaf, transition to mod_remoteip

2015-12-05 Thread Sergey B Kirpichev
Package: apache2
Severity: important

The mod_rpaf module has a dead upstream (there is an alternative
at https://github.com/gnif/mod_rpaf/) and has a good
candidate for replacement in the core modules:
http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html

Probably, we must coordinate the transition from mod_rpaf
to mod_remoteip and then remove mod_rpaf.

The default rpaf.conf could be replaced with:

  RemoteIPHeader X-Forwarded-For
  RemoteIPTrustedProxy 127.0.0.1

In general, this mapping should work:
  RPAFheader <-> RemoteIPHeader
  RPAFproxy_ips <-> RemoteIPTrustedProxy

To get CLF-type logs with proper client addresses we should use %a
instead of %h.  Could we alter the default common log format entry?
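
The directive mapping and the %h to %a log change proposed in the report above, as an added example (not part of the original thread, and not Debian's or Apache's own tooling): a small Python converter for an rpaf.conf body and a LogFormat line. The sample rpaf.conf and the function names are constructed for illustration; falling back to X-Forwarded-For when no RPAFheader is present is an assumption taken from the replacement config in the report.

```python
import re

# Mapping proposed in the bug report; other directives are reported, not guessed.
RPAF_TO_REMOTEIP = {
    "rpafheader": "RemoteIPHeader",
    "rpafproxy_ips": "RemoteIPTrustedProxy",
}

# Constructed sample input (illustrative, not copied from the package).
SAMPLE_RPAF = """\
<IfModule rpaf_module>
    RPAFenable On
    RPAFsethostname On
    RPAFproxy_ips 127.0.0.1 ::1
</IfModule>
"""

def convert_rpaf(conf_text):
    """Return (remoteip_lines, unmapped_lines) for an rpaf.conf body."""
    out, unmapped = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue  # skip blanks, comments and <IfModule> wrappers
        name, *args = line.split()
        target = RPAF_TO_REMOTEIP.get(name.lower())
        if target is None:
            unmapped.append(line)  # no mapping on the page: manual decision
        elif target == "RemoteIPTrustedProxy":
            out.extend(f"{target} {ip}" for ip in args)  # one proxy per line
        else:
            out.append(f"{target} {' '.join(args)}")
    if not any(l.startswith("RemoteIPHeader ") for l in out):
        # Assumption: same header as the replacement config in the report.
        out.insert(0, "RemoteIPHeader X-Forwarded-For")
    return out, unmapped

def fix_logformat(line):
    """Swap %h for %a in a LogFormat line; other lines pass through unchanged."""
    if not line.lstrip().lower().startswith("logformat"):
        return line
    return re.sub(r"(?<!%)%h\b", "%a", line)

if __name__ == "__main__":
    directives, leftover = convert_rpaf(SAMPLE_RPAF)
    print("\n".join(directives))
    print("unmapped:", leftover)
    print(fix_logformat('LogFormat "%h %l %u %t \\"%r\\" %>s %O" common'))
```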