From: Ken Youens-C. <ky...@gm...> - 2005-04-19 14:29:32
I'm trying out a ProxyPass set up in mod_perl to say something like
"/foo" proxies to "localhost:8080." I'm using the "http_modperl.conf"
file for my proxied VirtualHost, and it has the line:

    PerlPostReadRequestHandler OpenInteract::ProxyRemoteAddr

But Perl can't find that module installed, CPAN doesn't seem to know
about it, and I can't find it here:

http://search.cpan.org/~cwinters/OpenInteract-1.99_06/

ky

From: Chris W. <ch...@cw...> - 2005-04-19 14:55:57
* Ken Youens-Clark (ky...@gm...) [050419 10:42]:
> I'm trying out a ProxyPass set up in mod_perl to say something like
> "/foo" proxies to "localhost:8080." I'm using the "http_modperl.conf"
> file for my proxied VirtualHost, and it has the line:
>
> PerlPostReadRequestHandler OpenInteract::ProxyRemoteAddr

That shouldn't be there anymore. IIRC modern mod_proxy implementations
make it unnecessary, but I'm a little fuzzy on that. (I'll remove it
from CVS, thanks for the catch -- again.)

Teemu recently committed a change to OI2::Request to add a property of
'forwarded_for' so adapters can store the actual IP address rather
than just pass the proxy address back. I'm not sure if any adapter
changes were made though.

Chris

--
Chris Winters (http://www.cwinters.com)
Building enterprise-capable snack solutions since 1988

From: Teemu A. <te...@io...> - 2005-04-19 15:50:40
> Teemu recently committed a change to OI2::Request to add a property of
> 'forwarded_for' so adapters can store the actual IP address rather
> than just pass the proxy address back. I'm not sure if any adapter
> changes were made though.

Yes, now you can access the X-Forwarded-For which is set by most
proxies (like squid) when a request passes through:

    CTX->request->forwarded_for

Which usually contains something like this:

    125.12.154.2, Unknown, 142.111.123.123, 212.222.21.4

where 125.* is set by your farthest proxy and 127.* is set by your
nearest proxy (for example, one in localhost). It's up to you to
decide which one of these to trust.

I haven't implemented any additional adapter functionality or such to
override what you have in

    CTX->request->remote_host

I think a server.ini configuration parameter which sets the number of
trusted steps backwards in the forwarded_for chain would do it.
Something like:

    trusted_proxies = 2

Would set 142.111.123.123 as the client's real IP address, as you know
that both 142.* and 212.* were provided by proxies you control and
there is no way to access your server through any other IP address.
This is important: it's easy to forge the X-Forwarded-For to whatever
you want if you can access the server directly.

Regards,

Teemu Arina
Dicole
Komeetankuja 4 A
02210 Espoo
FINLAND
Tel: +358-(0)50 - 555 7636
skype: infe00
Corporate website: http://www.dicole.com
FLOSS in education blog: http://flosse.dicole.org
Personal weblog: http://infedelic.blogspot.com
"Discover, collaborate, learn."
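
The trusted-steps selection proposed in the last message, written out as an added Perl example that is not part of the thread or of OpenInteract. The function name `client_ip` and the `$proxy_addrs` allow-list of proxy peer addresses are assumptions made for the illustration, and only IPv4 entries are accepted.

```perl
use strict;
use warnings;

# Hypothetical helper, not OpenInteract code. $trusted_proxies mirrors the
# 'trusted_proxies' setting proposed in the thread; $proxy_addrs (addresses
# your nearest proxy connects from) is an added assumption.
sub client_ip {
    my ( $remote_addr, $forwarded_for, $trusted_proxies, $proxy_addrs ) = @_;

    # No proxies configured, or no header: the socket peer is the client.
    return $remote_addr
        unless defined $trusted_proxies && $trusted_proxies =~ /^[1-9]\d*$/;
    return $remote_addr unless defined $forwarded_for;

    # A client that reaches the server directly can send any header it
    # likes, so honour the header only when the peer is one of our proxies.
    return $remote_addr
        unless grep { $_ eq $remote_addr } @{ $proxy_addrs || [] };

    # Each proxy appends on the right, so the last $trusted_proxies entries
    # were written by our own proxies; anything further left is client input.
    ( my $header = $forwarded_for ) =~ s/^\s+|\s+$//g;
    my @chain = split /\s*,\s*/, $header, -1;
    return $remote_addr if @chain < $trusted_proxies;

    my $candidate = $chain[ -$trusted_proxies ];

    # Entries such as "Unknown" are not addresses. IPv4 only here.
    return $remote_addr
        unless $candidate =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    return $remote_addr if grep { $_ > 255 } $1, $2, $3, $4;
    return $candidate;
}

# Constructed sample input: the chain quoted in the thread, with the nearest
# proxy assumed to run on localhost.
my $chain   = '125.12.154.2, Unknown, 142.111.123.123, 212.222.21.4';
my $proxies = ['127.0.0.1'];

# Request that came through both trusted proxies.
print client_ip( '127.0.0.1', $chain, 2, $proxies ), "\n";
# Same header sent straight to the server from an unknown peer.
print client_ip( '203.0.113.9', $chain, 2, $proxies ), "\n";
# Chain shorter than the configured number of trusted steps.
print client_ip( '127.0.0.1', '198.51.100.7', 2, $proxies ), "\n";
```

The count has to match the number of proxies actually in the request path: set too high, it selects an entry that the client itself supplied.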