Hmmm ... But what I am seeing in the logs is the following:
without mod_rpaf in the logs I see:
%{X-Forwarded-For}i == 'client ip'
%h == 'proxy ip'
and with keep-live I see:
%{X-Forwarded-For}i == empty
%h == 'proxy ip'
with mod_rpaf I see:
%{X-Forwarded-For}i == 'client ip'
%h == 'client ip'
and with keep-live I see:
%{X-Forwarded-For}i == empty
%h == 'proxy ip'
so even with mod_rpaf I still see the proxy ip with %h when keep-alive is used, and my application see the proxy ip :(
On 21-Jan-09, at 5:03 PM, Patrick Viet wrote:
> On Wed, Jan 21, 2009 at 11:40 PM, Dima Brodsky <dima#worio.com> wrote:
>> I am telling mod_rpaf to look at both the local and the assigned
>> IP. I am
>> also seeing it being re-writtent about 50% of the time, but a lot
>> of the
>> times I still see the poxy's IP. Question, this setup is running on
>> Amazon's EC2 ... does anybody know if there is any sort of special
>> config
>> that needs to be done? In the http logs I am printing %h and
>> %{X-Forwarded-For}i
>
> Hi,
>
> OK I get it now. You are *NOT* supposed to get a X-Forwarded-for the
> second time : you actually do not get it ! Just ignore the existence
> of it in your apache config. Log with normal log parameters...
> mod_rpaf replaces remote ip (%h) variable for apache and whatever is
> running in it (mod_php and so on).
>
>> Yes, mod_rpaf is at the end of the module list, should it be closer
>> to the
>> top? I am new to apache config, so I gather modules are processed in
>> reverse order they are listed in the config file?
>
> Yes.
>
> --
> Patrick Viet
>
-- dima@worio.com http://www.cs.ubc.ca/~dima "The price of reliability is the pursuit of the utmost simplicity. It is a price which the very rich find the most hard to pay." (Sir Antony Hoare, 1980)Received on 2009/01/22 02:21
This archive was generated by hypermail 2.2.0 : 2009/01/22 02:30 CET