SourceForge.net

Tracker: Support Requests

5 IP based ACLs do not work? - ID: 2120659
Last Update: Comment added ( wdavison )

I'm trying to protect a particular URL, with a rule like this in my
.htaccess:

<Files somefile.html>
Order Deny,Allow
Deny from all
Allow from 4.3.2.1
</Files>


(IP and file obviously fictitious). This doesn't seem to work; all requests
always get denied from anywhere. Is this possibly due to the fact that the
request is proxied via Nginx (which I think is your setup)?

If this is the case, I guess I'll need to figure out some other way of
protecting this, right?


Leif Hedstrom ( zwoop ) - 2008-09-20 15:21

5

Closed

None

Service Operations Group

None

Second Level Support

Public


Comments ( 7 )

Date: 2008-09-22 22:39
Sender: wdavison (SourceForge.net Subscriber, SourceForge.net Site Admin)

Greetings,

That is correct. The IP does not make it to the web server anymore as the
source IP. You can find the source IP in the http headers (e.g.
X-Remote-Addr), which can be used in more complex setups (e.g. a php
script).

SourceForge.net Support


Date: 2008-09-20 16:22
Sender: zwoop

I hacked up my Drupal quickly with a

// Use the proxy-supplied address when the header is present and non-empty.
if (!empty($_SERVER['HTTP_X_REMOTE_ADDR'])) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REMOTE_ADDR'];
}


So I'm personally good for now, but yeah, this might be good to at least
document for others to know. Also, I don't know which is preferable to use,
X-Remote-Addr or X-Forwarded-For. Right now, I'm actually using
X-Remote-Addr for both Drupal and my .htaccess ACLs.

Thanks!
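
A stricter form of the REMOTE_ADDR override discussed in this thread, as an added example that is not part of the original posts: the forwarding headers are honoured only when the connection itself comes from the proxy, because on any other path the client chooses their contents. The function name `client_ip`, the `TRUSTED_PROXIES` list, the sample addresses, and the way the proxy fills the two headers are assumptions, not details confirmed by SourceForge.net.

```php
<?php
// Added example, not the poster's code. Assumption: the only proxy is the
// local Nginx the thread describes, seen by Apache/PHP as 127.0.0.1.
const TRUSTED_PROXIES = ['127.0.0.1'];

// Resolve the client IP from a $_SERVER-style array. Forwarding headers are
// honoured only when the TCP peer is a trusted proxy; otherwise the client
// could set them to any value.
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // Assumed: the proxy overwrites X-Remote-Addr with the peer it saw.
    $single = trim($server['HTTP_X_REMOTE_ADDR'] ?? '');
    if (filter_var($single, FILTER_VALIDATE_IP) !== false) {
        return $single;
    }
    // Assumed: the proxy appends to X-Forwarded-For, so the rightmost entry
    // is the one it wrote; entries to the left came from the client.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop and fall back to the peer
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed sample requests (not taken from any real log).
$samples = [
    'via proxy'       => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_REMOTE_ADDR' => '203.0.113.7'],
    'forged XFF'      => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '4.3.2.1, 198.51.100.9'],
    'direct, forged'  => ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_REMOTE_ADDR' => '4.3.2.1'],
];
foreach ($samples as $label => $server) {
    printf("%-15s -> %s\n", $label, client_ip($server));
}
```

An ACL or per-IP counter built on the returned value then keys on the address the proxy observed rather than on a header value the client supplied.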


Date: 2008-09-20 16:03
Sender: hinojosa (SourceForge.net Subscriber, SourceForge.net Site Admin)

Greetings,

Ok, I'm going to escalate this to the SOG group so that they at least are
aware of this. They may update this and state that this is not possible,
but this input may help them note this for future reference.

Need anything else? Drop a comment into this support request. We'll get
back on it!

Cheers!,

Daniel Hinojosa - the SourceForge.net support gnome

P.S. - We have a new Site Status page: https://sourceforge.net/sitestatus.
Keep up with the latest site and service issues there! Also, get outage
notices by email, find out how here:
https://sourceforge.net/community/forum/topic.php?id=2728&page&replies=1


Date: 2008-09-20 16:00
Sender: zwoop

Fwiw, this breaks certain Drupal features that assume that the src IP is
the client IP. Since it's always 127.0.0.1 (or so it seems at least), ACLs
or counters (limit posts / IP etc.) do not work as intended.


Date: 2008-09-20 15:54
Sender: zwoop

Yeah, I don't know if there's anything you can do, now that I look at my
internal request log (I'm using Drupal), all requests come from 127.0.0.1.
I'm not a huge Apache expert, so I don't know if there are any modules that
would let you take the X-Forwarded-For header (from Nginx) and replace the
src IP in the Apache internals with the remote IP.

It certainly would be useful to do this transparently, so that web sites
can see the client IP, and not the Nginx IP. In the meantime, I guess I
need to hack up Drupal to use the X-Forwarded-For header ;).


Date: 2008-09-20 15:41
Sender: hinojosa (SourceForge.net Subscriber, SourceForge.net Site Admin)

Greetings,

Check the Site Status (https://sourceforge.net/sitestatus) on the project
web update, SourceForge.net project web migration completed 2008-09-17 -
http://sourceforge.net/community/forum/topic.php?id=3471&page&replies=2 as
well as SourceForge.net project web migration completed 2008-09-17 -
https://sourceforge.net/community/forum/topic.php?id=3508&page&replies=1.

I'm hoping this helps you square things up. If not, bounce back and give
us a little more specifics about what you are requesting and we can
consider options. There may not be any, but we can look it over.

Need anything else? Drop a comment into this support request. We'll get
back on it!

Cheers!,

Daniel Hinojosa - the SourceForge.net support gnome



Date: 2008-09-20 15:26
Sender: zwoop

So, to answer my own question, I guess, doing something like this makes it
work:

SetEnvIf X-Forwarded-For ^4\.2\.3\.1$ is_trusted_ip


And then

Allow from env=is_trusted_ip


I assume this means that you are indeed doing a reverse proxy in front of
the Apache farms. Any chance that you can hack your apache to use the
X-Forwarded-For IP from Nginx instead of the src IP from the connection?
:-)




Changes ( 10 )

Field              Old Value            Date              By
close_date         -                    2008-09-22 22:39  wdavison
status_id          Open                 2008-09-22 22:39  wdavison
artifact_group_id  First Level Support  2008-09-20 16:03  hinojosa
assigned_to        hinojosa             2008-09-20 16:03  hinojosa
close_date         2008-09-20 15:41     2008-09-20 15:54  zwoop
status_id          Pending              2008-09-20 15:54  zwoop
status_id          Open                 2008-09-20 15:41  hinojosa
close_date         -                    2008-09-20 15:41  hinojosa
assigned_to        nobody               2008-09-20 15:41  hinojosa
artifact_group_id  None                 2008-09-20 15:41  hinojosa