[ZendTo] support for x-forwarded-for headers

Gardener, Ray A R.A.Gardener at shu.ac.uk
Sun Feb 24 23:05:52 GMT 2019 

Jules,

Thanks for the reply,
The current version is 4.11. However I am updating to  the latest version of 5 on a new server in the next two weeks.  I have already installed rpaf on both the old and new install  but will disable it on the new install and test prior to deployment.

Ray Gardener

From: Jules <Jules at Zend.To>
Sent: 24 February 2019 13:55
To: ZendTo Users <zendto at zend.to>; Gardener, Ray A <cisrag at exchange.shu.ac.uk>
Cc: Armando Martins <armando.mart1s at gmail.com>
Subject: Re: [ZendTo] support for x-forwarded-for headers

Ray,

ZendTo already supports the X-Forwarded-For header.

Our setup at the University of Southampton is also behind an F5, and it all works fine.
I haven't installed any extra Apache modules to make it work.

The only problem we had was when our enterprise IT folks hadn't enabled the X-Forwarded-For header on the F5 config that was for the ZendTo service (dropoff.soton.ac.uk).

Are you using the latest version of ZendTo?

Cheers,
Jules.
On 21/02/2019 10:31 am, Armando Martins via ZendTo wrote:
You're welcome ;)
You just need to configure the rpaf module and stop using x-forwarded-for for you apache logs. Rpaf do all the job.

Explanation from the author:

“Rpaf changes the remote address of the client visible to other Apache modules when two conditions are satisfied. First condition is that the remote client is actually a proxy that is defined in module configuration. Secondly if there is an incoming X-Forwarded-For header and the proxy is in it's list of known proxies it takes the last IP from the incoming X-Forwarded-For header and changes the remote address of the client in the request structure.”

Le jeu. 21 févr. 2019 à 11:26, Gardener, Ray A <R.A.Gardener at shu.ac.uk<mailto:R.A.Gardener at shu.ac.uk>> a écrit :
Hi Armando,


Thanks for  this. Would I just need to configure the rpaf module  on Apache?  Is  there anything else  that needs doing in the zendto configuration?


Ray Gardener
Infrastructure Analyst
Digital technology Services
Sheffield Hallam University
0114 225 4926



From: ZendTo <zendto-bounces at zend.to<mailto:zendto-bounces at zend.to>> On Behalf Of Armando Martins via ZendTo
Sent: 21 February 2019 09:40
To: ZendTo Users <zendto at zend.to<mailto:zendto at zend.to>>
Cc: Armando Martins <armando.mart1s at gmail.com<mailto:armando.mart1s at gmail.com>>
Subject: Re: [ZendTo] support for x-forwarded-for headers

Hi,

you can use the rpaf apache module. I use this behind haproxy and it works fine.

Le jeu. 21 févr. 2019 à 10:27, Gardener, Ray A via ZendTo <zendto at zend.to<mailto:zendto at zend.to>> a écrit :
Hi,

Access to our zendto installation is behind an F5 load-balancing proxy.  The affect of this is that the IP addresses of client access all look to come from  the IP address associated with the proxy rather than the actual  IP address of the client machines.    The proxy address is what  is captured in the zendto database and is included in  the reports which zendto sends out.   For security it would be useful to see the  client IP addresses.   The Apache server can be configured to log this  as  an  x-forwarded-for address

https://en.wikipedia.org/wiki/X-Forwarded-For

is there any way that zendto  con be configured to use either x-forwarded-for or a similar mechanism  to log and report the real IP address of the client?



Ray Gardener
Infrastructure Analyst
Digital Technology Services
Sheffield Hallam University
0114 225 4926



_______________________________________________
ZendTo mailing list
ZendTo at zend.to<mailto:ZendTo at zend.to>
http://jul.es/mailman/listinfo/zendto


--
Armando Martins


--
Armando Martins



_______________________________________________

ZendTo mailing list

ZendTo at zend.to<mailto:ZendTo at zend.to>

http://jul.es/mailman/listinfo/zendto



Jules



--

Julian Field MEng CEng CITP MBCS MIEEE MACM



The current UK shipping forecast:

Fisher: Variable 3 or 4, becoming west 4 or 5 later. Slight or moderate. Fog

banks. Moderate or good, occasionally very poor.



www.Zend.To<http://www.Zend.To>

Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20190224/1ac6612b/attachment-0001.html>

More information about the ZendTo mailing list