httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] Incompatibilities between mod_remoteip and the server-info & server-status handlers?
Date Mon, 31 Jan 2011 15:00:21 GMT
On Mon, Jan 31, 2011 at 12:50 PM, J.Lance Wilkinson
<jlw12@psulias.psu.edu> wrote:
> I've got a set of identical webservers, all Apache 2.2.6, with
> configurations
> such that authorized IP addresses are allowed access to locations handled by
> the server-info and server-status handlers.
>
> These work fine when visiting the individual servers.
>
> Now I put a load balancer in front of them all, and incorporate the
> mod_remoteip module into them to accept the load balancer inserted
> X-Forwarded-For header as the actual requesting IP address.
>
> Users from acceptable IP addresses coming in through the load balancer get
> either a 404, a 403 or a blank page (and the error log shows an aborting
> child
> process in that case).
>
> If there's a basic incompatibility between these handlers and mod_remoteip,
> like for example, maybe they do their thing BEFORE mod_remoteip appears in
> the
> processing stack, I'll accept that.   After all, the main reason I want to
> do
> it from the load balancer is to just see which server is being handed any
> arbitrary request; it's a trivial thing.
>
> But if it SHOULD be working I'd like to know what I'm doing wrong.
>

According to the docs on mod_remoteip, it should work as you expect:

"""
The module replaces the apparent remote (client) IP/hostname for the
request with the IP address reported in the request header configured
with the RemoteIPHeader directive.

Once replaced as instructed, this apparent IP address is then used for
mod_authz_host features <Require host> and <Require ip>, is reported
by mod_status, and is recorded by mod_log_config %a and %h directives.
It also determines the machine probed for an inetd identity by
mod_ident based on the IdentityCheck configuration.
"""

What IP addresses are logged in the access logs on the backend? If
they aren't showing the client IP address, rather than the proxy IP
address, then mod_remoteip is not in use or incorrectly configured.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message