[Mod-security-developers] [JIRA] Resolved: (MODSEC-337) Wrong %REMOTE_ADDR with NGINX version

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

     [ https://www.modsecurity.org/tracker/browse/MODSEC-337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-337.
--------------------------------------

    Resolution: Fixed

> Wrong %REMOTE_ADDR with NGINX version
> -------------------------------------
>
>                 Key: MODSEC-337
>                 URL: https://www.modsecurity.org/tracker/browse/MODSEC-337
>             Project: ModSecurity
>          Issue Type: Bug
>      Security Level: Normal
>          Components: Configuration, Core, Logging, Rules
>    Affects Versions: 2.7.0
>         Environment: EL6
>            Reporter: Mike Fisher
>            Assignee: Breno Silva Pinto
>             Fix For: 2.7.0
>
>
> Getting the remote address doesn't work properly with the latest NGINX version from SVN, it's always 127.0.0.1.
> The second issue is that it's not writing the $SecDataDir/ip file, so the IP counter always stays at 0 or 1. I've tried the /tmp directory and the NGINX log directory, which both have rw permissions for NGINX.
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][5] Rule f8d5d28: SecAction "phase:2,auditlog,pass,initcol:ip=%{REMOTE_ADDR},id:101"
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][4] Transformation completed in 1 usec.
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][4] Executing operator "unconditionalMatch" with param "" against REMOTE_ADDR.
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][9] Target value: "127.0.0.1"
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][4] Operator completed in 0 usec.
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][9] Resolved macro %{remote_addr} to: 127.0.0.1
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][9] collection_retrieve_ex: Retrieving collection (name "ip", filename "/var/log/nginx/ip")
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][4] Creating collection (name "ip", key "127.0.0.1").
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][4] Setting default timeout collection value 3600.
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][9] Recorded original collection variable: ip.UPDATE_COUNTER = "0"
> [08/Oct/2012:19:50:12 +0400] [standalone/sid#f8d2158][rid#10ebad08][/portal.php][4] Added collection "ip" to the list.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira