Steps to reproduce (not exact):

Apache config:

LoadModule rewrite_module modules/mod_rewrite.so
LoadModule remoteip_module modules/mod_remoteip.so

Listen 18000
<VirtualHost *:18000>
        RemoteIPHeader X-Forwarded-For
        RemoteIPTrustedProxy 127.0.0.1
        RewriteEngine on
        RewriteRule ^/?(.*) http://test.invalid/%{REMOTE_ADDR} [R=301,L]
</VirtualHost>


Let's assume we are a proxy on 127.0.0.1.

If a connection comes from 1.2.3.4 without an existing header we will
set X-Forwarded-For: 1.2.3.4 and Apache should trust us.

curl -vH 'X-Forwarded-For: 1.2.3.4' 'http://127.0.0.1:18000/'
...
< Location: http://test.invalid/1.2.3.4
...

This is OK as the connection comes from 127.0.0.1 and it is trusted to
present the IP 1.2.3.4.

If a connection comes from 1.2.3.4 with an existing "X-Forwarded-For:
5.6.7.8", we should add the IP 1.2.3.4 at the end, like so:

curl -vH 'X-Forwarded-For: 5.6.7.8, 1.2.3.4' 'http://127.0.0.1:18000/'
...
< Location: http://test.invalid/5.6.7.8
...

This shows that Apache thinks the REMOTE_ADDR should be 5.6.7.8. This is
not OK as the IP 5.6.7.8 comes from 1.2.3.4 and 1.2.3.4 is not trusted.

Expected:

After the patch is applied:

curl -vH 'X-Forwarded-For: 5.6.7.8, 1.2.3.4' 'http://127.0.0.1:18000/'
...
< Location: http://test.invalid/1.2.3.4
...

-- 
https://bugs.launchpad.net/bugs/1511222

Title:
  Incorrect trusted proxy match test in mod_remoteip
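
The trust rule the report expects, written out as an added example (not part of the original report and not mod_remoteip's code): walk X-Forwarded-For from right to left and accept an entry only while the address that supplied it is itself a trusted proxy. The function name resolve_client_ip and its return shape are assumptions made for this sketch.

```python
import ipaddress


def resolve_client_ip(peer, xff, trusted):
    """Return (client_ip, unconsumed_header).

    peer    -- address of the TCP connection
    xff     -- raw X-Forwarded-For value, or None
    trusted -- iterable of trusted proxy addresses or CIDR networks
    """
    nets = [ipaddress.ip_network(t) for t in trusted]
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # An entry is believed only if the address vouching for it (first the
    # peer, then each hop already accepted) is a trusted proxy.
    while hops and any(current in n for n in nets):
        try:
            candidate = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # unparsable entry: stop and keep the last trusted result
        hops.pop()
        current = candidate
    return str(current), ", ".join(hops)


if __name__ == "__main__":
    # Constructed cases mirroring the curl requests in the report.
    cases = [
        ("127.0.0.1", "1.2.3.4"),
        ("127.0.0.1", "5.6.7.8, 1.2.3.4"),
    ]
    for peer, header in cases:
        ip, rest = resolve_client_ip(peer, header, ["127.0.0.1"])
        print(f"peer={peer} xff={header!r} -> client={ip} left={rest!r}")
```

The second case stops at 1.2.3.4 because that address is not in the trusted list, so the 5.6.7.8 it supplied stays unverified in the leftover header.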