Pardon me if I missed the obvious, but I spent some time searching around,
reading documentation, and even checking the mod-security-users archive and
I missed it.
Is there any way to set modsecurity 2 to use X-Forwarded-For as the source address?
My servers are behind a proxy (appliance, unfortunately), so all the source
IP's look the same. It's an easy fix for access logs, but I'm failing to
figure it out for modsecurity.
Anyone have suggestions?
On 19.03.2013 18:26, Michael Henry wrote:
> Pardon me if I missed the obvious, but I spent some time searching around, reading documentation, and even checking
> the mod-security-users archive and I missed it.
> Is there any way to set modsecurity 2 to use X-Forwarded-For as the source address?
> My servers are behind a proxy (appliance, unfortunately), so all the source IP's look the same. It's an easy fix
> for access logs, but I'm failing to figure it out for modsecurity.
> Anyone have suggestions?
hopefully this will be fixed soon because it is
the last showstopper preventing me from updating to
Apache 2.4 behind a trafficserver, and i can not
deal with USERAGENT_IP in a production environment
with distributed configurations and a temporary
mix of Apache 2.2 / 2.4. a year after Apache 2.4
was released this should really support mod_remoteip
in a clean way
[root@...:~]$ cat /etc/httpd/conf/httpd-remoteip.conf
# thelounge.net distributed config
<IfVersion >= 2.4>
 LoadModule remoteip_module "modules/mod_remoteip.so"
 RemoteIPInternalProxy 127.0.0.1 184.108.40.206
</IfVersion>
<IfVersion < 2.4>
 LoadModule rpaf_module "modules/mod_rpaf-2.0.so"
 RPAFproxy_ips 127.0.0.1 220.127.116.11
</IfVersion>
-------- Original Message --------
Subject: Re: [mod-security-users] REMOTE_ADDR / Apache 2.4 and mod_remoteip
Date: Tue, 29 Jan 2013 09:16:28 -0200
From: Breno Silva <breno.silva@...>
To: Reindl Harald <h.reindl@...>
Copy (CC): Mailing-List mod_security <mod-security-users@...>
Yes. We still have a ticket for this. I will work on it later.
You can use now the variable USERAGENT_IP instead of REMOTE_ADDR.
On Tue, Jan 29, 2013 at 8:55 AM, Reindl Harald <h.reindl@...> wrote:
i overlooked the 2.7.2 release
* Fixed mod_security displaying wrong ip address in error.log using apache 2.4 and mod_remoteip
logging is now as expected but rules with REMOTE_ADDR in
context of "mod_remoteip" do not work
SecRule REMOTE_ADDR "^10\.0\.0\.99" "id:'117',phase:1,nolog,allow,ctl:ruleEngine=off"
[Tue Jan 29 11:50:28.170865 2013] [:error] [pid 3931] [client 10.0.0.99] ModSecurity: Access denied with code 404
(phase 2). Matched phrase "nessus" at REQUEST_HEADERS:User-Agent. [file
"/etc/httpd/modsecurity.d/modsecurity_35_bad_robots.conf"] [line "3"] [id "990002"] [msg "Bad Robot"] [hostname
"proxy.test.rh"] [uri "/show_content.php"] [unique_id "UQepdAoAAGMAAA9bSW8AAAAE"]
10.0.0.99 is logged but i have to use the proxy-ip 10.0.0.103 in the
whitelisting (rule id 117) which is not the intention of it - can we
please have this fixed too?
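
Added example (not part of the thread, and not ModSecurity or mod_remoteip code): a simplified Python model of the right-to-left trusted-proxy evaluation that decides which address an IP whitelist rule such as id 117 should be matched against, showing that X-Forwarded-For is only believed when the connection comes from a listed proxy. The trusted-proxy list (loopback plus the thread's proxy 10.0.0.103), the function names, and the 203.0.113.7 and 198.51.100.20 sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: only these peers may supply X-Forwarded-For
# (loopback and the proxy address 10.0.0.103 mentioned in the thread).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "10.0.0.103/32")]

# Address the thread's whitelist rule (id 117) is meant to match.
WHITELISTED_CLIENT = ipaddress.ip_address("10.0.0.99")


def is_trusted(addr):
    """True if addr belongs to a proxy allowed to set the header."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def effective_client_ip(peer_addr, xff_header):
    """Resolve the client address from the TCP peer and X-Forwarded-For.

    Hops are consumed right to left, and a hop is accepted only while the
    address it would replace is a trusted proxy. Anything to the left of
    the first untrusted address is client-controlled and is ignored.
    """
    client = peer_addr
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(client):
            break  # current address is not a trusted proxy: stop here
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed hop: keep the last address we could verify
        client = hop
    return client


def whitelist_matches(peer_addr, xff_header):
    """Evaluate the whitelist against the resolved client, not the raw peer."""
    resolved = ipaddress.ip_address(effective_client_ip(peer_addr, xff_header))
    return resolved == WHITELISTED_CLIENT


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For header)
    for peer, xff in [("10.0.0.103", "10.0.0.99"),
                      ("203.0.113.7", "10.0.0.99"),
                      ("10.0.0.103", "10.0.0.99, 198.51.100.20")]:
        print(peer, repr(xff), "->", effective_client_ip(peer, xff),
              "whitelisted" if whitelist_matches(peer, xff) else "not whitelisted")
```

The second and third sample requests carry a forged 10.0.0.99 entry; neither is whitelisted, because the header is ignored when the peer is not a trusted proxy and entries left of the first untrusted hop are never used.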