httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J.Lance Wilkinson" <>
Subject Re: [users@httpd] Incompatibilities between mod_remoteip and the server-info & server-status handlers?
Date Tue, 01 Feb 2011 16:00:44 GMT
Tom Evans wrote:
> According to the docs on mod_remoteip, it should work as you expect:
> """
> The module replaces the apparent remote (client) IP/hostname for the
> request with the IP address reported in the request header configured
> with the RemoteIPHeader directive.
> Once replaced as instructed, this apparent IP address is then used for
> mod_authz_host features <Require host> and <Require ip>, is reported
> by mod_status, and is recorded by mod_log_config %a and %h directives.
> It also determines the machine probed for an inetd identity by
> mod_ident based on the IdentityCheck configuration.
> """
> What IP addresses are logged in the access logs on the backend? If
> they aren't showing the client IP address, rather than the proxy IP
> address, then mod_remoteip is not in use or incorrectly configured.

The actual client IP addresses seem to be showing up for one set of URIs which 
are IP filtered to a set of permitted ones.

In this particular case, my config file fragment reads:
         Alias /artshumanities/audio "/web_extranet_etc/arts/audio"
         <Directory "/web_extranet_etc/arts/audio">
             Options -Indexes
             AllowOverride None
             Order deny,allow
             Deny from all
             Allow from 128.118 146.186 130.203

I have several <VirtualHost/> blocks, and since this <Directory/> block applies

equally to both my port 80 and my port 443 VirtualHosts, I defined it EXTERNAL 
TO BOTH.  The same goes for the various <Location/> blocks that I'd noted this 
behavior on before.

The RemoteIPHeader and RemoteIPTrustedProxy directives are defined individually 
in each <VirtualHost/>  -- this because we didn't see evidence of it working 
when we had it outside them.

The log entries read like (wrapped for readability): - - [01/Feb/2011:09:50:22 -0500] "GET 			
		/artshumanities/audio/music9.htm HTTP/1.1" 403 27480
			"-" "Mozilla/5.0 (Windows; U; Windows NT 5.1;
				en-US; rv: Gecko/20081217
					Firefox/ (.NET CLR 3.5.30729)"

I'm wondering now if this issue could have to do more w/ my Order, Deny 	and 
Allow directives than with and incompatibility between the mod_remoteip module 
and the server-info/server-status handlers...

J.Lance Wilkinson ("Lance")		InterNet:
Systems Design Specialist - Lead	Phone: (814) 865-4870
Digital Library Technologies		FAX:   (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message