[ZendTo] support for x-forwarded-for headers

Jules Field Jules at Zend.To
Tue Feb 26 10:19:26 GMT 2019 

Ray,

That sounds good. 4.11 certainly won't understand things like 
X-Forwarded-For.

Cheers,
Jules.

On 24/02/2019 23:05, Gardener, Ray A wrote:
>
> Jules,
>
> Thanks for the reply,
>
> The current version is 4.11. However I am updating to  the latest 
> version of 5 on a new server in the next two weeks. I have already 
> installed rpaf on both the old and new install  but will disable it on 
> the new install and test prior to deployment.
>
> Ray Gardener
>
> *From:*Jules <Jules at Zend.To>
> *Sent:* 24 February 2019 13:55
> *To:* ZendTo Users <zendto at zend.to>; Gardener, Ray A 
> <cisrag at exchange.shu.ac.uk>
> *Cc:* Armando Martins <armando.mart1s at gmail.com>
> *Subject:* Re: [ZendTo] support for x-forwarded-for headers
>
> Ray,
>
> ZendTo already supports the X-Forwarded-For header.
>
> Our setup at the University of Southampton is also behind an F5, and 
> it all works fine.
> I haven't installed any extra Apache modules to make it work.
>
> The only problem we had was when our enterprise IT folks hadn't 
> enabled the X-Forwarded-For header on the F5 config that was for the 
> ZendTo service (dropoff.soton.ac.uk).
>
> Are you using the latest version of ZendTo?
>
> Cheers,
> Jules.
>
> On 21/02/2019 10:31 am, Armando Martins via ZendTo wrote:
>
>     You're welcome ;)
>
>     You just need to configure the rpaf module and stop using
>     x-forwarded-for for you apache logs. Rpaf do all the job.
>
>     Explanation from the author:
>
>     “Rpaf changes the remote address of the client visible to other
>     Apache modules when two conditions are satisfied. First condition
>     is that the remote client is actually a proxy that is defined in
>     module configuration. Secondly if there is an incoming
>     X-Forwarded-For header and the proxy is in it's list of known
>     proxies it takes the last IP from the incoming X-Forwarded-For
>     header and changes the remote address of the client in the request
>     structure.”
>
>     Le jeu. 21 févr. 2019 à 11:26, Gardener, Ray A
>     <R.A.Gardener at shu.ac.uk <mailto:R.A.Gardener at shu.ac.uk>> a écrit :
>
>         Hi Armando,
>
>         Thanks for  this. Would I just need to configure the rpaf
>         module  on Apache?  Is  there anything else  that needs doing
>         in the zendto configuration?
>
>         Ray Gardener
>
>         Infrastructure Analyst
>
>         Digital technology Services
>
>         Sheffield Hallam University
>
>         0114 225 4926
>
>         *From:*ZendTo <zendto-bounces at zend.to
>         <mailto:zendto-bounces at zend.to>> *On Behalf Of *Armando
>         Martins via ZendTo
>         *Sent:* 21 February 2019 09:40
>         *To:* ZendTo Users <zendto at zend.to <mailto:zendto at zend.to>>
>         *Cc:* Armando Martins <armando.mart1s at gmail.com
>         <mailto:armando.mart1s at gmail.com>>
>         *Subject:* Re: [ZendTo] support for x-forwarded-for headers
>
>         Hi,
>
>         you can use the rpaf apache module. I use this behind haproxy
>         and it works fine.
>
>         Le jeu. 21 févr. 2019 à 10:27, Gardener, Ray A via ZendTo
>         <zendto at zend.to <mailto:zendto at zend.to>> a écrit :
>
>             Hi,
>
>             Access to our zendto installation is behind an F5
>             load-balancing proxy.  The affect of this is that the IP
>             addresses of client access all look to come from  the IP
>             address associated with the proxy rather than the actual
>              IP address of the client machines.    The proxy address
>             is what  is captured in the zendto database and is
>             included in  the reports which zendto sends out.   For
>             security it would be useful to see the  client IP
>             addresses.   The Apache server can be configured to log
>             this  as  an x-forwarded-for address
>
>             https://en.wikipedia.org/wiki/X-Forwarded-For
>
>             is there any way that zendto  con be configured to use
>             either x-forwarded-for or a similar mechanism  to log and
>             report the real IP address of the client?
>
>             Ray Gardener
>
>             Infrastructure Analyst
>
>             Digital Technology Services
>
>             Sheffield Hallam University
>
>             0114 225 4926
>
>             _______________________________________________
>             ZendTo mailing list
>             ZendTo at zend.to <mailto:ZendTo at zend.to>
>             http://jul.es/mailman/listinfo/zendto
>
>
>         -- 
>
>         Armando Martins
>
>
>     -- 
>
>     Armando Martins
>
>
>
>     _______________________________________________
>
>     ZendTo mailing list
>
>     ZendTo at zend.to  <mailto:ZendTo at zend.to>
>
>     http://jul.es/mailman/listinfo/zendto
>
>
>
> Jules
> -- 
> Julian Field MEng CEng CITP MBCS MIEEE MACM
> The current UK shipping forecast:
> Fisher: Variable 3 or 4, becoming west 4 or 5 later. Slight or moderate. Fog
> banks. Moderate or good, occasionally very poor.
> www.Zend.To  <http://www.Zend.To>
> Twitter: @JulesFM

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'I have lost friends, some by death ... others through sheer inability
  to cross the street.' - Virginia Woolf

www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20190226/1b1ec55a/attachment.html>

More information about the ZendTo mailing list