Discussion:
[Bug 55348] mod_remoteip updates the "ip" (%a), but "host" (%h) still reflects the connection's ip
b***@apache.org
2016-02-11 16:32:35 UTC
https://bz.apache.org/bugzilla/show_bug.cgi?id=55348

William A. Rowe Jr. <***@apache.org> changed:

What    |Removed                              |Added
----------------------------------------------------------------------------
Version |2.4.4                                |2.4-HEAD
OS      |Mac OS X 10.4                        |All
Summary |%h is not changed in logging, only %a|mod_remoteip updates the "ip" (%a), but "host" (%h) still reflects the connection's ip

--- Comment #1 from William A. Rowe Jr. <***@apache.org> ---
This has the additional perverse effect of treating Require host differently
than Require ip, and was a side-effect of refactoring the remote ip/host into
two sets of connection and request based ip and host. The solution is likely a
fix in httpd core, although mod_remoteip could inflict a performance penalty to
perform this lookup for every request, whether it is examined or not.
--
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-***@httpd.apache.org
For additional commands, e-mail: bugs-***@httpd.apache.org
b***@apache.org
2016-04-14 05:48:15 UTC

--- Comment #2 from Takashi Sato <***@tks.st> ---
r1729929, r1729930, r1729931

and these were backported to 2.4.
b***@apache.org
2018-03-04 22:22:20 UTC

--- Comment #3 from AR <***@yandex.ru> ---
%h should be based off %a in the first place, not %{c}a.
This (and one other) bug got me a good four hours wasted.
b***@apache.org
2018-03-22 08:11:28 UTC

--- Comment #4 from ***@xorax.info ---
It should be clearly indicated in the documentation.

%h is the default in the LogFormat. mod_remoteip does not work with the logs by
default.
b***@apache.org
2018-11-21 04:12:39 UTC

--- Comment #5 from James Baxter <j.w.baxter+***@gmail.com> ---
FYI seems to be blocking transition from RPAF to RemoteIP in Debian repos.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807120
b***@apache.org
2018-11-21 12:31:55 UTC

--- Comment #6 from msporleder <***@gmail.com> ---
I reported this initially and, following the backport patches, moved all
production web servers to 2.4's built-in mod_remoteip.

Has anyone checked if this old bug is still real?
b***@apache.org
2018-11-22 01:30:03 UTC

--- Comment #7 from William A. Rowe Jr. <***@apache.org> ---
Created attachment 36273
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36273&action=edit
Patch to correct %h and provide %{c}h for custom logging

It doesn't appear that the %h behavior was corrected yet.

Attaching a patch to provide %h or %{c}h following the %a behavior.

Please report back results and I'll propose to trunk/2.4.next ASAP.
b***@apache.org
2018-12-04 16:49:16 UTC

--- Comment #8 from msporleder <***@gmail.com> ---
without patch:
[Tue Dec 04 16:20:43.162834 2018] [core:notice] [pid 8:tid 139745794620296]
AH00094: Command line: 'httpd -D FOREGROUND -C LoadModule remoteip_module
modules/mod_remoteip.so -C CustomLog /proc/self/fd/1 "%a, %{c}a, %h, %f" -C
RemoteIPHeader X-Forwarded-For'

curl localhost:8080/foo
172.17.0.1, 172.17.0.1, 172.17.0.1, /usr/local/apache2/htdocs/foo

curl -H'X-Forwarded-For: 1.1.1.1' localhost:8080/foo
1.1.1.1, 172.17.0.1, 172.17.0.1, /usr/local/apache2/htdocs/foo

with patch:
curl localhost:8080/foo
172.17.0.1, 172.17.0.1, 172.17.0.1, /usr/local/apache2/htdocs/foo

curl -H'X-Forwarded-For: 1.1.1.1' localhost:8080/foo
1.1.1.1, 172.17.0.1, 1.1.1.1, /usr/local/apache2/htdocs/foo


So %h is updated.

Require behavior is based on the X-FF, right?
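
An added example, not part of the thread or of httpd: a small checker for access logs written with the CustomLog format from comment #8 ("%a, %{c}a, %h, %f"), which reports whether %h followed the mod_remoteip-rewritten address or stayed on the connection address. The function names and result labels are assumptions made for this example; the sample lines are the ones quoted in comment #8.

```python
import ipaddress

# Sample input: the four log lines quoted in comment #8, in the format
# "%a, %{c}a, %h, %f" (first two without the patch, last two with it).
SAMPLE_LOG = """\
172.17.0.1, 172.17.0.1, 172.17.0.1, /usr/local/apache2/htdocs/foo
1.1.1.1, 172.17.0.1, 172.17.0.1, /usr/local/apache2/htdocs/foo
172.17.0.1, 172.17.0.1, 172.17.0.1, /usr/local/apache2/htdocs/foo
1.1.1.1, 172.17.0.1, 1.1.1.1, /usr/local/apache2/htdocs/foo
"""

def _ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def classify(line):
    """Label one log line (labels are hypothetical names for this example)."""
    # Split at most three times so commas inside the %f path are preserved.
    parts = [p.strip() for p in line.split(",", 3)]
    if len(parts) != 4:
        return "malformed"
    client, conn, host = (_ip(p) for p in parts[:3])
    if client is None or conn is None:
        return "malformed"
    if client == conn:
        return "direct"               # no rewrite happened, nothing to compare
    if host is None:
        return "host-is-name"         # %h was resolved to a name, not an IP
    if host == client:
        return "host-follows-client"  # %h tracks %a (behaviour with the patch)
    if host == conn:
        return "host-stale"           # %h still shows %{c}a (bug 55348)
    return "host-unexpected"

def summarize(log_text):
    """Count labels over every non-empty line of a log."""
    counts = {}
    for line in log_text.splitlines():
        if line.strip():
            label = classify(line)
            counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(f"{classify(entry):20} {entry}")
```

Any "host-stale" line means IP-based log analysis keyed on %h is seeing the proxy's address rather than the client's.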
b***@apache.org
2018-12-05 17:56:23 UTC

--- Comment #9 from William A. Rowe Jr. <***@apache.org> ---
Yes, the auth phase should follow the translation by mod_remoteip, so the auth
require can be based on the trusted x-f-f: header.

The logic is written to get at the hostname, even if it wasn't previously
looked up as part of an auth transaction. (Without cgi, auth etc, it needs to
be entirely possible to fulfill a connection without ever performing a
connection or x-f-f: reverse name lookup.)
b***@apache.org
2018-12-05 17:58:00 UTC

--- Comment #10 from msporleder <***@gmail.com> ---
Okay, was that test sufficient?
b***@apache.org
2018-12-05 23:13:58 UTC

--- Comment #11 from William A. Rowe Jr. <***@apache.org> ---
It appears I fixed this some time ago in
http://svn.apache.org/viewvc?rev=1730129&view=rev
which reads more cleanly than the patch above.

Proposed for backport.