[Gllug] Apache as web accelerator: forwarding the client's real IP address
Richard Jones
rich at annexia.org
Mon Sep 25 10:45:29 UTC 2006
On Mon, Sep 25, 2006 at 11:34:32AM +0100, Jason Clifford wrote:
> On Mon, 25 Sep 2006, Richard Jones wrote:
>
> > This all works well. However the problem is that the back-end web
> > servers don't see the clients' real IP addresses. This causes some
> > problems - eg. in blocking rogue IPs, WordPress moderator requests
> > (which contain the client IP), anonymous MediaWiki edits which record
> > against the client IP, etc. Because the back-end web servers are only
> > connected to the web accelerator, they always report its address
> > (ie. 10.x.x.x).
>
> Does the Apache "Proxy Via" directive do this? I've read that it does.
The 'Via' header doesn't appear to contain an IP address, and in any
case it's not trivial to parse.
Since I posted this, I've discovered X-Forwarded-For (XFF [1]) and
mod_proxy_add_forward.c [2]. Unfortunately mod_proxy doesn't support
XFF, and mod_proxy_add_forward seems to be deprecated, although I'm
not sure exactly why. In any case I'll have to hack WordPress and the
wiki to support these ...
Rich.
[1] http://en.wikipedia.org/wiki/XFF
[2] http://develooper.com/code/mpaf/mod_proxy_add_forward.c
--
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Internet Marketing and AdWords courses - http://merjis.com/courses - NEW!
Merjis blog - http://blog.merjis.com - NEW!
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list