[ZendTo] support for x-forwarded-for headers
Keith Erekson
kbe2 at lehigh.edu
Thu Feb 21 17:21:05 GMT 2019
We use mod_remoteip for this
https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
Conf is very simple, and this module is built into the Debian/Ubuntu
package:
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy x.x.x.x y.y.y.y
On 2/21/19 5:31 AM, Armando Martins via ZendTo wrote:
> You're welcome ;)
> You just need to configure the rpaf module and stop using
> x-forwarded-for for you apache logs. Rpaf do all the job.
>
> Explanation from the author:
>
> “Rpaf changes the remote address of the client visible to other Apache
> modules when two conditions are satisfied. First condition is that the
> remote client is actually a proxy that is defined in module
> configuration. Secondly if there is an incoming X-Forwarded-For header
> and the proxy is in it's list of known proxies it takes the last IP
> from the incoming X-Forwarded-For header and changes the remote
> address of the client in the request structure.”
>
> Le jeu. 21 févr. 2019 à 11:26, Gardener, Ray A <R.A.Gardener at shu.ac.uk
> <mailto:R.A.Gardener at shu.ac.uk>> a écrit :
>
> Hi Armando,
>
>
>
>
>
> Thanks for this. Would I just need to configure the rpaf module
> on Apache? Is there anything else that needs doing in the
> zendto configuration?
>
>
>
>
>
> Ray Gardener
>
> Infrastructure Analyst
>
> Digital technology Services
>
> Sheffield Hallam University
>
> 0114 225 4926
>
>
>
>
>
>
>
> *From:*ZendTo <zendto-bounces at zend.to
> <mailto:zendto-bounces at zend.to>> *On Behalf Of *Armando Martins
> via ZendTo
> *Sent:* 21 February 2019 09:40
> *To:* ZendTo Users <zendto at zend.to <mailto:zendto at zend.to>>
> *Cc:* Armando Martins <armando.mart1s at gmail.com
> <mailto:armando.mart1s at gmail.com>>
> *Subject:* Re: [ZendTo] support for x-forwarded-for headers
>
>
>
> Hi,
>
>
>
> you can use the rpaf apache module. I use this behind haproxy and
> it works fine.
>
>
>
> Le jeu. 21 févr. 2019 à 10:27, Gardener, Ray A via ZendTo
> <zendto at zend.to <mailto:zendto at zend.to>> a écrit :
>
> Hi,
>
>
>
> Access to our zendto installation is behind an F5
> load-balancing proxy. The affect of this is that the IP
> addresses of client access all look to come from the IP
> address associated with the proxy rather than the actual IP
> address of the client machines. The proxy address is what
> is captured in the zendto database and is included in the
> reports which zendto sends out. For security it would be
> useful to see the client IP addresses. The Apache server
> can be configured to log this as an x-forwarded-for address
>
>
>
> https://en.wikipedia.org/wiki/X-Forwarded-For
>
>
>
> is there any way that zendto con be configured to use either
> x-forwarded-for or a similar mechanism to log and report the
> real IP address of the client?
>
>
>
>
>
>
>
> Ray Gardener
>
> Infrastructure Analyst
>
> Digital Technology Services
>
> Sheffield Hallam University
>
> 0114 225 4926
>
>
>
>
>
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to <mailto:ZendTo at zend.to>
> http://jul.es/mailman/listinfo/zendto
>
>
>
>
> --
>
> Armando Martins
>
>
>
> --
> Armando Martins
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20190221/00b8ec3f/attachment-0001.html>
More information about the ZendTo
mailing list