What is a way to replace the content of the REMOTE_ADDR header in Apache2 with out resorting to rpaf?

Hi there,

to be honest, I don't really understand what you're going to do, neither for what reason. On top of that, your wording is inaccurate.

Actually, REMOTE_ADDR isn't a header (you probably mean an HTTP request or response header). Instead, it's an environment variable that Apache passes to a CGI, and its value is the IP address of the client initiating the request. For instance, if you're using PHP, you can access this information through $_SERVER['REMOTE_ADDR']. In Perl, you'd access this directly as an environment variable, I think (don't know much about Perl, though).

So what precisely do you wish to replace? With what else? And for what purpose?
Maybe there's a misunderstanding on your behalf, and the adequate solution could be completely different from what you think.

[X] Doc CPU

If you have this network:

All the scripts and modules in Apache2 see incoming connections as only from proxy/cache, not their original source. This applies to modules on Apache

If using PHP, then $_SERVER['REMOTE_ADDR'] would contain the address of the proxy/cache and not the actual client address. The correct client address is in $_SERVER['HTTP_X_FORWARDED_FOR'] so I would like Apache2 itself to fill in the content of REMOTE_ADDR with that of HTTP_X_FORWARDED_FOR

For example, you can see it in the log file format. This will show in the first column the address of the proxy/cache:

and in contrast this one will show the correct address of the client in the first column:

Again, modules get passed "%h" and I need them to receive "%{X-Forwarded-For}i". Since some are hard-coded to read "%h", I seem to need to replace the contents of "%h" with the right value.

Hi there,

ah, I see. You should've mentioned the use of a proxy in your previous post.
True, in that setup, REMOTE_ADDR indicating the proxy's IP is a useless information, though technically correct.

Bear in mind that this may be a desired effect - at least if the client uses a proxy deliberately. If the proxy is part of your own infrastructure, however, you don't gain anything in terms of information.

I understand this now. Unfortunately, I can't think of a way to do it, because I'm afraid this behavior is kind of hardwired inside Apache. Or more to the point, it's the result of Apache's not caring whether the apparent client is a proxy. From Apache's view, the proxy requests a resource, so the proxy gets it, and it's the proxy's task to forward it back[*] to the original client. Apache doesn't care.

And to do so, you'll probably have to mess with Apache's source code and recompile your own. I'll gladly withdraw that assumption as soon as anybody comes up with a clever idea, but I doubt if they will ...

[X] Doc CPU


[*] Isn't that a paradox, "to forward it back"? ;-)

Actually there are APIs for the modules to use to interact with Apache so it is a rare occasion that the source code itself needs to be messed with.

After some experimentation, and quite a bit of searching, there does not seem to any method to modify the Apache configuration file by itself to get that change. But there is a second module, mod_extract_forwarded, in addition to rpaf. Neither appear to have had much activity of late.