httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harbo, Peter" <pha...@cfa.harvard.edu>
Subject Re: [users@httpd] configuring mod_proxy_ftp for client ip logging
Date Wed, 25 Jul 2018 16:15:08 GMT
When you rewrite your applications to become secure (i.e. URL = 'https'),
the latest versions of the browsers will complain if you leave URLs with
the scheme ftp:// - and they don't really support sftp: or ftps:.  They
throw a 'mixed content' error if a page which is served via SSL has URLs
which are not secure and ftp is one of these.  You would use mod_proxy_ftp
if you want to replace the ftp: URLs with https URLs, yet allow the
existing ftp server with all its logging and associated metrics to serve
these requests.  I know some of the people who watch this list know the
nuances of some of the modules and perhaps there was something obvious to
make the mod_proxy_ftp pass the client IPs to the ftp server backend so
that is why I posted here.  The counterargument is to say ftp is obsolete
so just do the metrics from the access_log.




On Wed, Jul 25, 2018 at 8:01 AM, Walter H. <Walter.H@mathemainzel.info>
wrote:

> On 24.07.2018 19:28, Harbo, Peter wrote:
>
> The mod_proxy_ftp module is working fine for me using release 2.4.25 to
> send urls matching a pattern to a proftpd server running on the same
> system.  I have noticed that the source IP address in the ftpd log is the
> same as the httpd running the mod_proxy_ftp module.  Am I correct in
> assuming that neither mod_remoteip nor any other configuration options of
> httpd can cause httpd's ftp proxy module to spoof the IP address of the
> client sending the request to httpd?  Otherwise this works nicely but we
> need the correct IP addresses in the proftpd log for metrics.
>
> why not just letting the folks directly to the FTP with anonymous?
> so there is no need of this proxy module and you have the real IP
> addresses in the log;
>
>

Mime
View raw message