From: Ken Youens-Clark <kyclark@gm...> - 2005-04-19 14:29:32
I'm trying out a ProxyPass set up in mod_perl to say something like
"/foo" proxies to "localhost:8080." I'm using the "http_modperl.conf"
file for my proxied VirtualHost, and it has the line:
But Perl can't find that module installed, CPAN doesn't seem to know
about it, and I can't find it here:
From: Chris Winters <chris@cw...> - 2005-04-19 14:55:57
* Ken Youens-Clark (kyclark@...) [050419 10:42]:
> I'm trying out a ProxyPass set up in mod_perl to say something like
> "/foo" proxies to "localhost:8080." I'm using the "http_modperl.conf"
> file for my proxied VirtualHost, and it has the line:
> PerlPostReadRequestHandler OpenInteract::ProxyRemoteAddr
That shouldn't be there anymore. IIRC modern mod_proxy implementations
make it unnecessary, but I'm a little fuzzy on that. (I'll remove it
from CVS, thanks for the catch -- again.)
Teemu recently committed a change to OI2::Request to add a property of
'forwarded_for' so adapters can store the actual IP address rather
than just pass the proxy address back. I'm not sure if any adapter
changes were made though.
Chris Winters (http://www.cwinters.com)
Building enterprise-capable snack solutions since 1988
From: Teemu Arina <teemu@io...> - 2005-04-19 15:50:40
> Teemu recently committed a change to OI2::Request to add a property of
> 'forwarded_for' so adapters can store the actual IP address rather
> than just pass the proxy address back. I'm not sure if any adapter
> changes were made though.
Yes, now you can access the X-Forwarded-For which is set by most proxies
(like squid) when a request passes through:
Which ususally contains something like this:
188.8.131.52, Unknown, 184.108.40.206, 220.127.116.11
where 125.* is set by your farest proxy and 127.* is set by your nearest proxy
(for example, one in localhost).
It's up to you to decide which one these to trust. I haven't implemented anything
additional adapter functionality or such to override what you have in
I think a server.ini configuration parameter which sets the number of trusted steps
backwards in the forwarded_for chain would do it.
trusted_proxies = 2
Would set 18.104.22.168 as the clients real IP address, as you know that both 142.* and 212.*
were provided by proxies you control and there is no way to access your server through any
other IP address. This is important: it's easy to forge the X-Forwarded-For to what ever you want
if you can access the server directly.
Komeetankuja 4 A
Tel: +358-(0)50 - 555 7636
Corporate website: http://www.dicole.com
FLOSS in education blog: http://flosse.dicole.org
Personal weblog: http://infedelic.blogspot.com
"Discover, collaborate, learn."