|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-05-10 23:48:28
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-295.
--------------------------------------
Resolution: Fixed
> Wrong Client IP with Reverse Proxy Apache 2.4
> ---------------------------------------------
>
> Key: MODSEC-295
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-295
> Project: ModSecurity
> Issue Type: New Feature
> Security Level: Normal
> Components: Core
> Affects Versions: 2.6.5
> Environment: Win
> Reporter: Steffen
> Assignee: Breno Silva Pinto
> Priority: High
> Fix For: 2.7.0
>
>
> I am using ProxyPass and using in the backend host with Apache 2.4 mod_remoteip with RemoteIPHeader X-Forwarded-For:
> RemoteIPHeader X-Forwarded-For
> RemoteIPTrustedProxy 127.0.0.1
>
> Now logs mod_security as client 127.0.0.1 instead of the real client IP as used, not sure if in other area's of mod_security it is taken the wrong IP.
>
> [Sat Mar 24 11:30:52.640097 2012] [remoteip:info] [pid 628:tid 1472] [client 188.93.10.56:50800] Using 188.93.10.56 as client's IP by proxies 127.0.0.1
>
> [Sat Mar 24 11:30:52.640097 2012] [:error] [pid 628:tid 1472] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\.\\\\./" at ARGS:abc. [file "D:/servers/apache/conf/httpd.conf"] [line "473"] [id "50904"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.land10web.com"] [uri "/"] [unique_id "T22iXMCoAQQAAAJ0x4cAAAB3"]
> It is related to MODSEC-158 which was based Apache 2.3 , and not on Apache 2.4 with the API IP changes.
> Steffen
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
