[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] configuring mod_proxy_ftp for client ip logging

When you rewrite your applications to become secure (i.e. URL = "" the latest versions of the browsers will complain if you leave URLs with the scheme ftp:// - and they don't really support sftp: or ftps:.  They throw a 'mixed content' error if a page which is served via SSL has URLs which are not secure and ftp is one of these.  You would use mod_proxy_ftp if you want to replace the ftp: URLs with https URLs, yet allow the existing ftp server with all its logging and associated metrics to serve these requests.  I know some of the people who watch this list know the nuances of some of the modules and perhaps there was something obvious to make the mod_proxy_ftp pass the client IPs to the ftp server backend so that is why I posted here.  The counterargument is to say ftp is obsolete so just do the metrics from the access_log.

On Wed, Jul 25, 2018 at 8:01 AM, Walter H. <Walter.H@xxxxxxxxxxxxxxxxx> wrote:
On 24.07.2018 19:28, Harbo, Peter wrote:
The mod_proxy_ftp module is working fine for me using release 2.4.25 to send urls matching a pattern to a proftpd server running on the same system.  I have noticed that the source IP address in the ftpd log is the same as the httpd running the mod_proxy_ftp module.  Am I correct in assuming that neither mod_remoteip nor any other configuration options of httpd can cause httpd's ftp proxy module to spoof the IP address of the client sending the request to httpd?  Otherwise this works nicely but we need the correct IP addresses in the proftpd log for metrics.
why not just letting the folks directly to the FTP with anonymous?
so there is no need of this proxy module and you have the real IP addresses in the log;