The QS_ClientIpFromHeader does not appear to work for me. I set up three test scenarios where mod_qos blocks requests: one using QS_ClientEventBlockCount, one using QS_SrvMaxConnPerIP and one using QS_ClientGeoCountryPriv. The requests were successfully logged with c=<ip_of_host>.
Then I added a custom header and set the QS_ClientIpFromHeader directive to use that header. If no IP address was sent using that header, there would be a message in the error log indicating as such, so I suppose the header was correctly set on my test requests.
I performed the same requests, adding the header on each request with a different IP address. However, the value of c=... remained the same and the requests were still blocked in all three cases.
Am I not using QS_ClientIpFromHeader correctly?
QS_ClientIpFromHeader can't be used for directives which block clients on connection level (before any HTTP request data is read from the client).
Thank you for your response. This explains why it would not work with QS_SrvMaxConnPerIP.
And QS_ClientEventBlockCount is also blocked on a connection level, even though it is a client-level control with access to the HTTP request. Is that correct?
However, QS_ClientGeoCountryPriv relies on the information provided by QS_ClientGeoCountryDB & QS_Country as far as I can tell. For both QS_ClientGeoCountryDB and QS_Country, it is explicitly stated in the documentation that QS_ClientIpFromHeader can be used to override the client IP address. Does that somehow not apply to QS_ClientGeoCountryPriv?
Yes, you can use QS_ClientIpFromHeader in conjunction with QS_Country and write your own rules matching against the variable's value (the variable is already set within the scope of the post read request phase).
You can also use QS_ClientEventLimitCount (which supports QS_ClientIpFromHeader) instead of QS_ClientEventBlockCount.
http://mod-qos.sourceforge.net/glossary.html#directives shows you the sequence in which the directives are invoked. It's technically not possible to read data from HTTP header fields in the pre connection hook (as the server has not received any data until then). That's why QS_ClientEventBlockCount, QS_SrvMaxConnPerIP, and QS_ClientGeoCountryPriv can't read the IP from the header.
Ok, thank you for clarifying the issue.
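The phase ordering described in the reply above, as an added example that is not part of the original thread and is not mod_qos code: a small Python loopback server records the client key at accept time, before any bytes are read, and again after the request headers are parsed. The header name `X-Client-IP`, the function names and the sample addresses are assumptions made for the illustration.

```python
import socket
import threading
from collections import Counter

HEADER = "X-Client-IP"  # assumed header name (stands in for the QS_ClientIpFromHeader argument)

def serve(listener, n_conns, conn_keys, req_keys):
    for _ in range(n_conns):
        conn, (peer_ip, _port) = listener.accept()
        # Connection stage: no bytes have been read yet, so the TCP peer
        # address is the only client identity a limit can be keyed on.
        conn_keys[peer_ip] += 1
        with conn:
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                raw += chunk
            # Request stage: headers are parsed, so the key can be overridden.
            headers = {}
            for line in raw.decode("latin-1").split("\r\n")[1:]:
                name, sep, value = line.partition(":")
                if sep:
                    headers[name.strip().lower()] = value.strip()
            req_keys[headers.get(HEADER.lower(), peer_ip)] += 1
            conn.sendall(b"HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")

def run_demo(header_ips):
    """Send one request per address in header_ips; return (conn_keys, req_keys)."""
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    conn_keys, req_keys = Counter(), Counter()
    worker = threading.Thread(target=serve,
                              args=(listener, len(header_ips), conn_keys, req_keys))
    worker.start()
    for ip in header_ips:
        with socket.create_connection(("127.0.0.1", port)) as client:
            client.sendall(f"GET / HTTP/1.1\r\nHost: test\r\n{HEADER}: {ip}\r\n\r\n".encode())
            client.recv(1024)  # wait for the reply before closing
    worker.join()
    listener.close()
    return conn_keys, req_keys

if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    conn_keys, req_keys = run_demo(["192.0.2.10", "198.51.100.20", "203.0.113.30"])
    print("keyed at connection stage:", dict(conn_keys))
    print("keyed at request stage:   ", dict(req_keys))
```

The connection-stage counter sees one key for all three requests, which matches the unchanged c= value in the question, while the request-stage counter sees three. The request-stage key is data the sender supplies, so it is only meaningful when the header is set by a trusted proxy in front of the server.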