|
Home > Archive > Perlbal > September 2007 > Perlbal and CGI::remote_host returning 127.0.0.1
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Perlbal and CGI::remote_host returning 127.0.0.1
|
|
| Igor Chudov 2007-09-26, 1:12 am |
| I am a very happy user of perlbal -- it easily manages my 15 requests
per second and everything works VERY well. Thank you Brad.
I was also able to stick X-Forwarded-For header into apache logs, so
that they show originating IP. So far so good.
My question is, how do I make mod_perl and CGI module report actual
remote host as $cgi->remote_host, as opposed to getting 127.0.0.1.
Thanks
i
| |
| Brad Fitzpatrick 2007-09-26, 1:12 am |
| See:
http://stderr.net/apache/rpaf/
On Tue, 25 Sep 2007, Igor Chudov wrote:
> I am a very happy user of perlbal -- it easily manages my 15 requests
> per second and everything works VERY well. Thank you Brad.
>
> I was also able to stick X-Forwarded-For header into apache logs, so
> that they show originating IP. So far so good.
>
> My question is, how do I make mod_perl and CGI module report actual
> remote host as $cgi->remote_host, as opposed to getting 127.0.0.1.
>
> Thanks
>
> i
>
| |
| Ask Bjørn Hansen 2007-09-26, 7:11 am |
|
On Sep 25, 2007, at 21:04, Igor Chudov wrote:
> My question is, how do I make mod_perl and CGI module report actual
> remote host as $cgi->remote_host, as opposed to getting 127.0.0.1.
For Apache 2.2 I use this module:
http://www.openinfo.co.uk/apache/index.html
In mod_perl (1.x) the following should work:
httpd.conf:
PerlPostReadRequestHandler ProxyIP
And then put something similar to the ProxyIP::handler function in
your startup.pl:
https://svn.develooper.com/combust/...conf/startup.pl
($config->proxyip_forwarders there returns a list of IPs, optionally
with netmasks or '*' to just allow everyone).
The PERL version here traverses all the "trusted" upstream proxies
and sets the IP to the first "untrusted" IP found - I forget if the
Apache module does that too.
- ask
--
http://develooper.com/ - http://askask.com/
| |
| Jeremy James 2007-09-26, 7:11 am |
| Brad Fitzpatrick wrote:
> On Tue, 25 Sep 2007, Igor Chudov wrote:
>
>
> See:
> http://stderr.net/apache/rpaf/
>
We use mod_rpaf under apache 1.3 and 2.0, but had problems when
perlbal's persist_backend was on - the apache module would only set the
remote IP address on the first request to apache, then assume that the
connection was from the same machine and not change it when a new
request comes in from perlbal.
The obvious solution is therefore to get the module to parse
X-Forwarded-For on every request, but this is thwarted by the fact that
the IP address mod_rpaf wants to check to see if this is a trusted proxy
is the same address it just changed to fool other apache processes into
thinking we're connected to a different host.
There are some solutions you could attempt to fix this - we just ignore
the IP checks (we use to use the IP address as part of the
authentication system, but now just use it for logging after we had too
many issues with multiple-outgoing proxy networks, so aren't concerned
about the security implications). However, you're probably better off
with mod_extract_forwarded which appears to have code to fix this
problem (but not in the Apache 1.3 version).
-jeremy
|
|
|
|
|