osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 61896] New: CONN_REMOTE_ADDR not exposed to php scripts


https://bz.apache.org/bugzilla/show_bug.cgi?id=61896

            Bug ID: 61896
           Summary: CONN_REMOTE_ADDR not exposed to php scripts
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_remoteip
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: h.reindl@xxxxxxxxxxxxx
  Target Milestone: ---

mod_rewrite supports for years now REMOTE_ADDR *and* CONN_REMOTE_ADDR, see
samle below, mod_remoteip don't give you any information within a PHP script
about the physical connecting IP

this can be crucial when your reverse-proxy adds headers which you can use in
your application to make decisions because you should verify the source-ip to
make sure that header is trustable

the setup below has one big goal: decide via DNS if a website goes directly to
httpd or for high traffic pages over the reverse-proxy which in this case would
do TLS-offloading and sim,ilar decisions can happen within the application - or
better said it should be posible to do so

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{CONN_REMOTE_ADDR} !^192\.168\.196\.2
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx