[Mod-security-developers] [JIRA] Resolved: (MODSEC-362) Add a new directive that allows the user to define REMOTE_ADDR data

[Breno S. P. (JIRA) <no...@mo...>]

     [ https://www.modsecurity.org/tracker/browse/MODSEC-362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-362.
--------------------------------------

    Resolution: Fixed

Added SecRemoteAddrDefine X-forwarded-For.
Don't need to specify the Collection name. It will search directly into REQUEST_HEADERS

> Add a new directive that allows the user to define REMOTE_ADDR data
> -------------------------------------------------------------------
>
>                 Key: MODSEC-362
>                 URL: https://www.modsecurity.org/tracker/browse/MODSEC-362
>             Project: ModSecurity
>          Issue Type: New Feature
>      Security Level: Normal
>          Components: Configuration
>            Reporter: Ryan Barnett
>            Assignee: Breno Silva Pinto
>             Fix For: 2.7.4
>
>
> When in proxy environments, users need to be able to define how to populate the REMOTE_ADDR variable data from request headers such as:
> - X-Forwarded-For
> - X-Originating-IP
> - CF-Connecting-IP
> We should add a new directive called something like - SecRemoteAddrDefine where the user can specify what data should be used to populate the REMOTE_ADDR variable.
> Example -
> SecRemoteAddrDefine Default
> Would work as normal and uses the remove client's IP address.
> SecRemoteAddrDefine REQUEST_HEADERS:X-Forwarded-For
> Would populate REMOTE_ADDR with the data from that header field.  This will allow users to specify the right content for this variable and then all rules can use REMOTE_ADDR.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira