On Fri, Apr 09, 2010 at 12:42:41AM +0300, Toni Mattila wrote:
> Hi Willy,
>
> >Since you're using HTTP, it's a real waste of simplicity and performance
> >to try to work in transparent mode. You'd better work in a normal proxy
> >mode and configure your web server to report the client's IP address in
> >the logs instead of relying on haproxy and your kernel to spoof the client.
>
> The reason I'm pursuing this transparent route is that I haven't found a
> real clean patch for Apache that would report X-Forwarded-For also
> reliably to CGI's REMOTE_ADDR env-variable and to .htaccess deny/allow
> lines. So you wouldn't have to modify existing scripts / .htaccesses to
> know about the reverse proxy.
>
> If there's a good patch for Apache 2.x that supports that I'd be more
> than happy to use that instead of this bit kludgy way.
in my opinion, mod_rpaf does all that, unless I missed something.
Regards,
Willy
Received on 2010/04/08 23:46
This archive was generated by hypermail 2.2.0 : 2010/04/09 00:00 CEST