Re: Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



----- "J.Lance Wilkinson" <jlw12@xxxxxxxxxxxxxxx> wrote:

> I've got Apache 2.2.6 in production and we're *trialling* a new load
> balancer 
> which is able to create an X-FORWARDED-FOR header.
> 
> I wanted to keep things simple as possible, and it looked like
> mod_remoteip was 
> the module I wanted to use for this purpose.   Simply using the
> mod_remoteip 
> directive  "RemoteIPHeader X-Forwarded-For" should do what I wanted.
> 
> Then I found out how difficult it was to FIND the source for
> mod_remoteip.  The
> website decribed it as a BASE module, but that is apparently for
> Apache 2.3 and 
> up, since it's not evident in my 2.2.6 sources.

mod_remoteip is a module from 2.3

http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html

Thus you can find it in:
Apache httpd's subversion respository in /trunk/
https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/proxy/

> FINALLY (and this was a few weeks ago so I don't recall where) I found
> a source
> file for mod_remoteip.c.
> 
> Then off to several conferences and returning to the office, I learn
> the trial 
> load balancer is on its way out the door in the next day or so.
> 
> Trying to compile mod_remoteip.c, I get errors suggesting that there
> was 
> apparently a change in the structure of modules between when this
> source was 
> created and the APXS that I'm trying to use from Apache 2.2.6 --
> 
> # /dlt/sw/httpd-2.2.6-cosign/bin/apxs -c mod_remoteip.c
> /dlt/sw/httpd-2.2.6-cosign/build/libtool --silent --mode=compile cc
> -prefer-pic 
>    -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT
> -D_LARGEFILE64_SOURCE 
> -g -I/dlt/sw/httpd-2.2.6-cosign/include 
> -I/dlt/sw/httpd-2.2.6-cosign/include 
>   -I/dlt/sw/httpd-2.2.6-cosign/include   -c -o mod_remoteip.lo
> mod_remoteip.c 
> && touch mod_remoteip.slo
> "mod_remoteip.c", line 481: warning: function prototype parameters
> must have types
> "mod_remoteip.c", line 481: warning: old-style declaration or
> incorrect type 
> for: AP_DECLARE_MODULE
> "mod_remoteip.c", line 481: cannot initialize function:
> AP_DECLARE_MODULE
> "mod_remoteip.c", line 481: cannot recover from previous errors
> cc: acomp failed for mod_remoteip.c
> apxs:Error: Command failed with rc=65536
> .
> #

Yup, looks like it won't work with 2.2...

> Short of modifying the source code to backfit it to 2.2.6 (which I am
> at a loss 
> how to do), it's been suggested I look at mod_proxy, which is
> apparently part 
> of the base for 2.2.6 (I am explicitly NOT loading this module right
> now). 
> But I don't see the header "X-Forwarded-For" cited anywhere in the
> mod_proxy 
> documentation, and I would expect that if this is a typical use of
> mod_proxy, 
> there'd be SOMETHING like that noted there.
> 
> Thoughts on either the refitting for Apache 2.2.6 of mod_remoteip,
> using 
> mod_proxy for the same purpose, or some other method of achieving this
> with the 
> module's I've got to work with?

Have you considered using mod_rpaf for this kind of fun?

http://stderr.net/apache/rpaf/

It's a module for 2.2, that does exactly that.


> -- 
> J.Lance Wilkinson ("Lance")		InterNet: Lance.Wilkinson@xxxxxxx
> Systems Design Specialist - Lead	Phone: (814) 865-4870
> Digital Library Technologies		FAX:   (814) 863-3560
> E3 Paterno Library
> Penn State University
> University Park, PA 16802
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

-- 
Igor GaliÄ

Tel: +43 (0) 664 886 22 883
Mail: i.galic@xxxxxxxxxxxxxx
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux