[ZendTo] support for x-forwarded-for headers
Jules
Jules at Zend.To
Sun Feb 24 13:55:23 GMT 2019
Ray,
ZendTo already supports the X-Forwarded-For header.
Our setup at the University of Southampton is also behind an F5, and it
all works fine.
I haven't installed any extra Apache modules to make it work.
The only problem we had was when our enterprise IT folks hadn't enabled
the X-Forwarded-For header on the F5 config that was for the ZendTo
service (dropoff.soton.ac.uk).
Are you using the latest version of ZendTo?
Cheers,
Jules.
On 21/02/2019 10:31 am, Armando Martins via ZendTo wrote:
> You're welcome ;)
> You just need to configure the rpaf module and stop using
> x-forwarded-for for you apache logs. Rpaf do all the job.
>
> Explanation from the author:
>
> “Rpaf changes the remote address of the client visible to other Apache
> modules when two conditions are satisfied. First condition is that the
> remote client is actually a proxy that is defined in module
> configuration. Secondly if there is an incoming X-Forwarded-For header
> and the proxy is in it's list of known proxies it takes the last IP
> from the incoming X-Forwarded-For header and changes the remote
> address of the client in the request structure.”
>
> Le jeu. 21 févr. 2019 à 11:26, Gardener, Ray A <R.A.Gardener at shu.ac.uk
> <mailto:R.A.Gardener at shu.ac.uk>> a écrit :
>
> Hi Armando,
>
> Thanks for this. Would I just need to configure the rpaf module
> on Apache? Is there anything else that needs doing in the zendto
> configuration?
>
> Ray Gardener
>
> Infrastructure Analyst
>
> Digital technology Services
>
> Sheffield Hallam University
>
> 0114 225 4926
>
> *From:*ZendTo <zendto-bounces at zend.to
> <mailto:zendto-bounces at zend.to>> *On Behalf Of *Armando Martins
> via ZendTo
> *Sent:* 21 February 2019 09:40
> *To:* ZendTo Users <zendto at zend.to <mailto:zendto at zend.to>>
> *Cc:* Armando Martins <armando.mart1s at gmail.com
> <mailto:armando.mart1s at gmail.com>>
> *Subject:* Re: [ZendTo] support for x-forwarded-for headers
>
> Hi,
>
> you can use the rpaf apache module. I use this behind haproxy and
> it works fine.
>
> Le jeu. 21 févr. 2019 à 10:27, Gardener, Ray A via ZendTo
> <zendto at zend.to <mailto:zendto at zend.to>> a écrit :
>
> Hi,
>
> Access to our zendto installation is behind an F5
> load-balancing proxy. The affect of this is that the IP
> addresses of client access all look to come from the IP
> address associated with the proxy rather than the actual IP
> address of the client machines. The proxy address is what
> is captured in the zendto database and is included in the
> reports which zendto sends out. For security it would be
> useful to see the client IP addresses. The Apache server
> can be configured to log this as an x-forwarded-for address
>
> https://en.wikipedia.org/wiki/X-Forwarded-For
>
> is there any way that zendto con be configured to use either
> x-forwarded-for or a similar mechanism to log and report the
> real IP address of the client?
>
> Ray Gardener
>
> Infrastructure Analyst
>
> Digital Technology Services
>
> Sheffield Hallam University
>
> 0114 225 4926
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to <mailto:ZendTo at zend.to>
> http://jul.es/mailman/listinfo/zendto
>
>
> --
>
> Armando Martins
>
>
>
> --
> Armando Martins
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
The current UK shipping forecast:
Fisher: Variable 3 or 4, becoming west 4 or 5 later. Slight or moderate. Fog
banks. Moderate or good, occasionally very poor.
www.Zend.To
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20190224/da72fb43/attachment.html>
More information about the ZendTo
mailing list