How to replace content of REMOTE_ADDR header in Apache2
What is a way to replace the content of the REMOTE_ADDR header in Apache2 without resorting to rpaf?
To be honest, I don't really understand what you're going to do, nor for what reason. On top of that, your wording is inaccurate.
Actually, REMOTE_ADDR isn't a header (you probably mean an HTTP request or response header). Instead, it's an environment variable that Apache passes to a CGI, and its value is the IP address of the client initiating the request. For instance, if you're using PHP, you can access this information through $_SERVER['REMOTE_ADDR']. In Perl, you'd access this directly as an environment variable, I think (don't know much about Perl, though).
So what precisely do you wish to replace? With what else? And for what purpose?
Maybe there's a misunderstanding on your behalf, and the adequate solution could be completely different from what you think.
All the scripts and modules in Apache2 see incoming connections as only from proxy/cache, not their original source. This applies to modules on Apache
If using PHP, then $_SERVER['REMOTE_ADDR'] would contain the address of the proxy/cache and not the actual client address. The correct client address is in $_SERVER['HTTP_X_FORWARDED_FOR'], so I would like Apache2 itself to fill in the content of REMOTE_ADDR with that of HTTP_X_FORWARDED_FOR.
For example, you can see it in the log file format. This will show in the first column the address of the proxy/cache:
Code:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
and in contrast this one will show the correct address of the client in the first column:
Code:
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common
Again, modules get passed "%h" and I need them to receive "%{X-Forwarded-For}i". Since some are hard-coded to read "%h", I seem to need to replace the contents of "%h" with the right value.
Ah, I see. You should've mentioned the use of a proxy in your previous post.
True, in that setup, REMOTE_ADDR indicating the proxy's IP is useless information, though technically correct.
Quote:
Originally Posted by Turbocapitalist
All the scripts and modules in Apache2 see incoming connections as only from proxy/cache, not their original source.
Bear in mind that this may be a desired effect - at least if the client uses a proxy deliberately. If the proxy is part of your own infrastructure, however, you don't gain anything in terms of information.
Quote:
Originally Posted by Turbocapitalist
If using PHP, then $_SERVER['REMOTE_ADDR'] would contain the address of the proxy/cache and not the actual client address. The correct client address is in $_SERVER['HTTP_X_FORWARDED_FOR'], so I would like Apache2 itself to fill in the content of REMOTE_ADDR with that of HTTP_X_FORWARDED_FOR.
I understand this now. Unfortunately, I can't think of a way to do it, because I'm afraid this behavior is kind of hardwired inside Apache. Or more to the point, it's the result of Apache's not caring whether the apparent client is a proxy. From Apache's view, the proxy requests a resource, so the proxy gets it, and it's the proxy's task to forward it back[*] to the original client. Apache doesn't care.
Quote:
Originally Posted by Turbocapitalist
Again, modules get passed "%h" and I need them to receive "%{X-Forwarded-For}i". Since some are hard-coded to read "%h", I seem to need to replace the contents of "%h" with the right value.
And to do so, you'll probably have to mess with Apache's source code and recompile your own. I'll gladly withdraw that assumption as soon as anybody comes up with a clever idea, but I doubt if they will ...
[X] Doc CPU
[*] Isn't that a paradox, "to forward it back"? ;-)
Actually there are APIs for the modules to use to interact with Apache so it is a rare occasion that the source code itself needs to be messed with.
After some experimentation, and quite a bit of searching, there does not seem to be any method to modify the Apache configuration file by itself to get that change. But there is a second module, mod_extract_forwarded, in addition to rpaf. Neither appears to have had much activity of late.
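Added example, not part of any post in this thread: X-Forwarded-For is an ordinary request header that any client can set, so whatever replaces REMOTE_ADDR should honour it only when the connection really comes from a known proxy. The Python sketch below shows that decision; the function name, the proxy ranges and the sample addresses are all assumptions constructed for illustration.

```python
import ipaddress

# Assumption: networks of the proxies/caches in front of Apache (constructed values).
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/24"),
    ipaddress.ip_network("192.0.2.10/32"),
]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def effective_client_addr(remote_addr, x_forwarded_for, trusted=TRUSTED_PROXIES):
    """Return the address to treat as the client.

    remote_addr     -- peer address of the TCP connection (REMOTE_ADDR, "%h")
    x_forwarded_for -- raw X-Forwarded-For header value, or None
    """
    peer = ipaddress.ip_address(remote_addr)
    # A peer that is not one of our proxies controls the header itself: ignore it.
    if not x_forwarded_for or not _is_trusted(peer, trusted):
        return str(peer)
    # Each proxy appends the address it saw, so walk the list right to left
    # and stop at the first hop that is not one of our own proxies.
    candidate = peer
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = addr
        if not _is_trusted(addr, trusted):
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed sample requests: (REMOTE_ADDR, X-Forwarded-For)
    samples = [
        ("10.0.0.5", "203.0.113.7"),            # normal request via the proxy
        ("10.0.0.5", "1.2.3.4, 198.51.100.9"),  # client forged the first entry
        ("198.51.100.9", "10.0.0.1"),           # direct hit with a forged header
    ]
    for remote, xff in samples:
        print(remote, "|", xff, "->", effective_client_addr(remote, xff))
```

The leftmost entries of the header are whatever the client chose to send; only the entry appended by a trusted proxy reflects an address that proxy actually observed.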