[Wolves] PHP behind Smoothwall
James Turner
james at turnersoft.co.uk
Thu Jun 17 23:29:09 BST 2004
On Thursday 17 Jun 2004 14:59, Jon Farmer wrote:
> On Thu, June 17, 2004 2:49 pm, Jon Farmer said:
> > $REMOTE_ADDR part of the $_SERVER global array and will always return the
> > IP the the webserver ie APACHE is bound to
>
> Doh brain had a go slow.. $REMOTE_ADDR is the client address and if its
> being NAT'd or throught proxy etc it will not return the true client
> address. If you wanted the IP of the server you would need to call a
> system command for that like ipconfig.
At one point, when I was setting up my firewall, I managed to configure port
80 forwarding such that everything was accessible as it should be, but the
firewall's IP address appeared in the Apache logs instead of that of the
remote clients.
The problem was that as well as doing NAT on the destination address (the
normal for port forwarding of incoming connections) for packets arriving on
port 80 I was also doing NAT on the source address (normally used for IP
masquerading of outgoing connections). This was quickly spotted and
resolved! :)
As Jon points out, running inbound requests through a reverse proxy would have
a similar effect on the logs and on the client address as seen by PHP.
James
More information about the Wolves
mailing list