[ZendTo] support for x-forwarded-for headers

Armando Martins armando.mart1s at gmail.com
Thu Feb 21 10:31:41 GMT 2019 

You're welcome ;)
You just need to configure the rpaf module and stop using x-forwarded-for
for you apache logs. Rpaf do all the job.

Explanation from the author:

“Rpaf changes the remote address of the client visible to other Apache
modules when two conditions are satisfied. First condition is that the
remote client is actually a proxy that is defined in module configuration.
Secondly if there is an incoming X-Forwarded-For header and the proxy is in
it's list of known proxies it takes the last IP from the incoming
X-Forwarded-For header and changes the remote address of the client in the
request structure.”

Le jeu. 21 févr. 2019 à 11:26, Gardener, Ray A <R.A.Gardener at shu.ac.uk> a
écrit :

> Hi Armando,
>
>
>
>
>
> Thanks for  this. Would I just need to configure the rpaf module  on
> Apache?  Is  there anything else  that needs doing in the zendto
> configuration?
>
>
>
>
>
> Ray Gardener
>
> Infrastructure Analyst
>
> Digital technology Services
>
> Sheffield Hallam University
>
> 0114 225 4926
>
>
>
>
>
>
>
> *From:* ZendTo <zendto-bounces at zend.to> *On Behalf Of *Armando Martins
> via ZendTo
> *Sent:* 21 February 2019 09:40
> *To:* ZendTo Users <zendto at zend.to>
> *Cc:* Armando Martins <armando.mart1s at gmail.com>
> *Subject:* Re: [ZendTo] support for x-forwarded-for headers
>
>
>
> Hi,
>
>
>
> you can use the rpaf apache module. I use this behind haproxy and it works
> fine.
>
>
>
> Le jeu. 21 févr. 2019 à 10:27, Gardener, Ray A via ZendTo <zendto at zend.to>
> a écrit :
>
> Hi,
>
>
>
> Access to our zendto installation is behind an F5 load-balancing proxy.
> The affect of this is that the IP addresses of client access all look to
> come from  the IP address associated with the proxy rather than the actual
>  IP address of the client machines.    The proxy address is what  is
> captured in the zendto database and is included in  the reports which
> zendto sends out.   For security it would be useful to see the  client IP
> addresses.   The Apache server can be configured to log this  as  an
> x-forwarded-for address
>
>
>
> https://en.wikipedia.org/wiki/X-Forwarded-For
>
>
>
> is there any way that zendto  con be configured to use either
> x-forwarded-for or a similar mechanism  to log and report the real IP
> address of the client?
>
>
>
>
>
>
>
> Ray Gardener
>
> Infrastructure Analyst
>
> Digital Technology Services
>
> Sheffield Hallam University
>
> 0114 225 4926
>
>
>
>
>
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
>
>
>
>
> --
>
> Armando Martins
>


-- 
Armando Martins
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20190221/bad6ab5d/attachment.html>

More information about the ZendTo mailing list