httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J.Lance Wilkinson" <jl...@psulias.psu.edu>
Subject Re: [users@httpd] Incompatibilities between mod_remoteip and the server-info & server-status handlers?
Date Tue, 01 Feb 2011 16:00:44 GMT
Tom Evans wrote:
> According to the docs on mod_remoteip, it should work as you expect:
> 
> """
> The module replaces the apparent remote (client) IP/hostname for the
> request with the IP address reported in the request header configured
> with the RemoteIPHeader directive.
> 
> Once replaced as instructed, this apparent IP address is then used for
> mod_authz_host features <Require host> and <Require ip>, is reported
> by mod_status, and is recorded by mod_log_config %a and %h directives.
> It also determines the machine probed for an inetd identity by
> mod_ident based on the IdentityCheck configuration.
> """
> 
> What IP addresses are logged in the access logs on the backend? If
> they aren't showing the client IP address, rather than the proxy IP
> address, then mod_remoteip is not in use or incorrectly configured.

The actual client IP addresses seem to be showing up for one set of URIs which 
are IP filtered to a set of permitted ones.

In this particular case, my config file fragment reads:
	
         Alias /artshumanities/audio "/web_extranet_etc/arts/audio"
         <Directory "/web_extranet_etc/arts/audio">
             Options -Indexes
             AllowOverride None
             Order deny,allow
             Deny from all
             Allow from 128.118 146.186 66.71.0.0/16 130.203
         </Directory>

I have several <VirtualHost/> blocks, and since this <Directory/> block applies

equally to both my port 80 and my port 443 VirtualHosts, I defined it EXTERNAL 
TO BOTH.  The same goes for the various <Location/> blocks that I'd noted this 
behavior on before.

The RemoteIPHeader and RemoteIPTrustedProxy directives are defined individually 
in each <VirtualHost/>  -- this because we didn't see evidence of it working 
when we had it outside them.

The log entries read like (wrapped for readability):

	146.186.238.23 - - [01/Feb/2011:09:50:22 -0500] "GET 			
		/artshumanities/audio/music9.htm HTTP/1.1" 403 27480
			"-" "Mozilla/5.0 (Windows; U; Windows NT 5.1;
				en-US; rv:1.8.1.20) Gecko/20081217
					Firefox/2.0.0.20 (.NET CLR 3.5.30729)"

I'm wondering now if this issue could have to do more w/ my Order, Deny 	and 
Allow directives than with and incompatibility between the mod_remoteip module 
and the server-info/server-status handlers...

-- 
J.Lance Wilkinson ("Lance")		InterNet: Lance.Wilkinson@psu.edu
Systems Design Specialist - Lead	Phone: (814) 865-4870
Digital Library Technologies		FAX:   (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message