Re: [Zope-dev] ProxyPass and SiteAccess getting REMOTE_ADDR
William Noon wrote: Last week I was setting up an Apache VirtualHost to point to a Zope object tree using the ProxyPass directive and SiteAccess to get all the urls right (great stuff!). However, I noticed that the REMOTE_ADDR was always set to the proxy host. This makes sense because Zope just gets the host/port from the socket connection. But I needed the real remote_addr for logging and user admin. Adding 'Header's wouldn't pass the info to Zope. The Zope mail archives mentioned the problem a couple of times without a configuration fix. A simple fix to the proxy module (in proxy_http.c) will create a new header called 'Original-Addr' to contain the client's ip address. Also, take a look at mod_proxy_add_forward for Apache, and these other resources: http://www.zope.org/Members/stephen/ApacheProxyPatch http://modules.apache.org/search?id=124 ftp://ftp.netcetera.dk/pub/apache/mod_proxy_add_forward.c I believe there is some code in mod_proxy_add_forward to deal with getting the client's IP address from chains of proxies. -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ProxyPass and SiteAccess getting REMOTE_ADDR
On Mon, 12 Feb 2001, William Noon wrote: A simple fix to the proxy module (in proxy_http.c) will create a new header called 'Original-Addr' to contain the client's ip address. Here is a context diff against Apache 1.3.14 that should work even in the new 2.0 servers: FYI, there is an apache module that already does this. I can't remember the name offhand, but it creates a similar header called something like X-Original-Addr. The module works in two parts and is both 'client' and 'server', so that if you have two apache processes one prxying to the other, the first will generate the header, and the second will recognise it and set the appropriate variables. -Matt -- Matt Hamilton [EMAIL PROTECTED] Netsight Internet Solutions, Ltd. Business Vision on the Internet http://www.netsight.co.uk +44 (0)117 9090901 Web Hosting | Web Design | Domain Names | Co-location | DB Integration ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ProxyPass and SiteAccess getting REMOTE_ADDR
Steve Alexander wrote: Also, take a look at mod_proxy_add_forward for Apache, and these other resources: http://www.zope.org/Members/stephen/ApacheProxyPatch http://modules.apache.org/search?id=124 ftp://ftp.netcetera.dk/pub/apache/mod_proxy_add_forward.c I believe there is some code in mod_proxy_add_forward to deal with getting the client's IP address from chains of proxies. We're actually phasing this hack out in favour of a Virtual Host Monster which seems like a much cleaner solution... cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ProxyPass and SiteAccess getting REMOTE_ADDR
From: "Chris Withers" [EMAIL PROTECTED] We're actually phasing this hack out in favour of a Virtual Host Monster which seems like a much cleaner solution... Sorry, Chris, VHM is irrelevent to this problem. If you want to know the original remote IP, you have two choices: 1. Use one of the Apache patches that have been posted. 2. Mangle it into URLs and extract it with an AccessRule. Neither one of these is really satisfactory at the moment, since medusa doesn't know either solution, and so z2.log doesn't get the proper IP addresses. I'm hoping that one of these days we can standardize on #1 and provide support in medusa. I don't get why it is necessary at all to use medusa's logging when using apache or squid etc. as a proxy. I for instance use apache to also serve content which isn't contained in the ZODB (large files etc.), and I want the logs/statistics to also contain information about these. Btw. with a small module it's even possible to log the usernames with apache, something medusa isn't capabable of afaik (as of zope version 2.3). cheers, oliver ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ProxyPass and SiteAccess getting REMOTE_ADDR
From: Oliver Bleutgen [EMAIL PROTECTED] Btw. with a small module it's even possible to log the usernames with apache, something medusa isn't capabable of afaik (as of zope version 2.3). Cool! What module is this, and how do you use it? Cheers, Evan @ digicool 4-am ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] ProxyPass and SiteAccess getting REMOTE_ADDR
Last week I was setting up an Apache VirtualHost to point to a Zope object tree using the ProxyPass directive and SiteAccess to get all the urls right (great stuff!). However, I noticed that the REMOTE_ADDR was always set to the proxy host. This makes sense because Zope just gets the host/port from the socket connection. But I needed the real remote_addr for logging and user admin. Adding 'Header's wouldn't pass the info to Zope. The Zope mail archives mentioned the problem a couple of times without a configuration fix. A simple fix to the proxy module (in proxy_http.c) will create a new header called 'Original-Addr' to contain the client's ip address. Here is a context diff against Apache 1.3.14 that should work even in the new 2.0 servers: *** *** 397,402 --- 397,404 ap_bvputs(f, reqhdrs[i].key, ": ", reqhdrs[i].val, CRLF, NULL); } + ap_bvputs(f, "Original-Addr: ", r-connection-remote_ip, CRLF, NULL); + ap_bputs(CRLF, f); /* send the request data, if any. */ When the request was proxied, the Zope REQUEST will now have a key 'HTTP_ORIGINAL_ADDR' containing the client address. This key is also now a good indication that the http request went to the VirtualHost address. I then made a small change to SiteRoot.py to turn off the url mapping if HTTP_ORIGINAL_ADDR is present. This is a context diff against the SiteRoot.py file shipped with Zope 2.3.0: *** *** 108,113 --- 108,116 if '_SUPPRESS_SITEROOT' in _swallow(request): request.setVirtualRoot(request.steps) return + # only run if passed through ProxyPass + t = request.environ.get('HTTP_ORIGINAL_ADDR',None) + if t == None : return srd = [None, None] for i in (0, 1): srp = ('SiteRootBASE', 'SiteRootPATH')[i] These two patches have worked well and solved several problems. I hope others will find them useful. --Bill Noon Northeast Regional Climate Center Cornell University ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )