Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

Passing remote client IP address to backend server and session stickness

 

 

Apache users RSS feed   Index | Next | Previous | View Threaded


Ruiyuan_Jiang at liz

Nov 30, 2009, 1:37 PM

Post #1 of 16 (2749 views)
Permalink
Passing remote client IP address to backend server and session stickness

Hi, all

Question 1: Is there a way to pass Internet users' IP address to backend server through Apache reverse proxy server? I am testing that feature so far no luck. My backend server gets Apache proxy server's IP address. But I'd like to have Internet users' IP being passed through Apache. This is http request.

Question 2: I am testing another Apache reverse proxy which proxies two backend https servers. I am trying to use mod_proxy_balancer.

<proxy balancer://mycluster>
Balancermember https://192.168.1.1:443 keepalive=on
Balancermember https://192.168.1.2:443 keepalive=on
</proxy>

Proxypass /test balancer:mycluster/

When I test to access the site, I got login prompt from first server which I saw from access log. I typed in login name and password. I got the login prompt back but from the log I saw the connectivity was back from server 2. It seems to me like round robin connection to backend server by Apache. I tried with keyword "JSESSION" but no luck. Does anyone know how to configure Apache so the same connection always goes through the same backend https (http) server. Thanks in advance.

Ryan Jiang



This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


haroon.rafique at utoronto

Nov 30, 2009, 4:53 PM

Post #2 of 16 (2668 views)
Permalink
Re: Passing remote client IP address to backend server and session stickness [In reply to]

On Today at 4:37pm, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, all
RJ>
RJ> Question 1: Is there a way to pass Internet users' IP address to
RJ> backend server through Apache reverse proxy server? I am testing that
RJ> feature so far no luck. My backend server gets Apache proxy server's
RJ> IP address. But I'd like to have Internet users' IP being passed
RJ> through Apache. This is http request.
RJ>

Hi Ruiyan,

See:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers
you are interested in the X-Forwarde-For header.
Once you get it to your backend server, then you will need to figure out
how to get the information from that header into your logs (or whereever
else). You may need to take extra care as multiple proxies can be in the
path, so only trust this information if coming straight from your own
reverse proxy.

RJ>
RJ> [..snip..]
RJ>

Later,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


wrowe at rowe-clan

Nov 30, 2009, 6:14 PM

Post #3 of 16 (2676 views)
Permalink
Re: Passing remote client IP address to backend server and session stickness [In reply to]

I realize I just answered you, but in response to your explicit and
specific questions;

Ruiyuan Jiang wrote:
>
> Question 1: Is there a way to pass Internet users' IP address to backend server through Apache reverse proxy server? I am testing that feature so far no luck. My backend server gets Apache proxy server's IP address. But I'd like to have Internet users' IP being passed through Apache. This is http request.

Only if this information has been shared with you by the upstream proxy
or router/gateway/forward proxy. E.g. - what mod_remoteip is designed
to decode, ---when the information is presented---.

> Question 2: I am testing another Apache reverse proxy which proxies two backend https servers. I am trying to use mod_proxy_balancer.
>
> <proxy balancer://mycluster>
> Balancermember https://192.168.1.1:443 keepalive=on
> Balancermember https://192.168.1.2:443 keepalive=on
> </proxy>
>
> Proxypass /test balancer:mycluster/
>
> When I test to access the site, I got login prompt from first server which I saw from access log. I typed in login name and password. I got the login prompt back but from the log I saw the connectivity was back from server 2. It seems to me like round robin connection to backend server by Apache. I tried with keyword "JSESSION" but no luck. Does anyone know how to configure Apache so the same connection always goes through the same backend https (http) server. Thanks in advance.

Are you forgetting your ProxyPassReverse statements? As of the current
version, the syntax above (but wtf happened to your // before mycluster???)
would work just fine for a ProxyPassReverse rule.

> This message (including any attachments) is intended
> solely for the specific individual(s) or entity(ies) named
> above, and may contain legally privileged and
> confidential information. If you are not the intended
> recipient, please notify the sender immediately by
> replying to this message and then delete it.
> Any disclosure, copying, or distribution of this message,
> or the taking of any action based on it, by other than the
> intended recipient, is strictly prohibited.

You have emailed a public list. Your intended individuals are the world.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


Ruiyuan_Jiang at liz

Dec 1, 2009, 7:09 AM

Post #4 of 16 (2674 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

Hi, Haroon

I see that also but I don't know how to use them. I put the statement into my vhost of Apache reverse proxy and the apache complaining they are wrong statement, etc.


<virtualhost>

...
Proxyrequst off
.....
X-Forwarded-For
....
</virtualhost>

Is above the correct way to use it? I am not much care about the remote IP being logged in the Apache log but I am care about the remote client IP being forwarded to the backend server since our backend server will decide what to do based on the remote client IP. Thanks.

Ryan


-----Original Message-----
From: Haroon Rafique [mailto:haroon.rafique [at] utoronto]
Sent: Monday, November 30, 2009 7:54 PM
To: users [at] httpd
Subject: Re: [users [at] http] Passing remote client IP address to backend server and session stickness

On Today at 4:37pm, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, all
RJ>
RJ> Question 1: Is there a way to pass Internet users' IP address to
RJ> backend server through Apache reverse proxy server? I am testing that
RJ> feature so far no luck. My backend server gets Apache proxy server's
RJ> IP address. But I'd like to have Internet users' IP being passed
RJ> through Apache. This is http request.
RJ>

Hi Ruiyan,

See:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers
you are interested in the X-Forwarde-For header.
Once you get it to your backend server, then you will need to figure out
how to get the information from that header into your logs (or whereever
else). You may need to take extra care as multiple proxies can be in the
path, so only trust this information if coming straight from your own
reverse proxy.

RJ>
RJ> [..snip..]
RJ>

Later,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


haroon.rafique at utoronto

Dec 1, 2009, 7:23 AM

Post #5 of 16 (2676 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

On Today at 10:09am, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, Haroon
RJ>
RJ> I see that also but I don't know how to use them. I put the statement
RJ> into my vhost of Apache reverse proxy and the apache complaining they
RJ> are wrong statement, etc.
RJ>

Hi Ryan,

X-Forwarded-For is not a statement that goes inside the httpd.conf. The
documentation page is just telling you that these headers are already
available to you, if you are using reverse-proxy.

RJ>
RJ> <virtualhost>
RJ>
RJ> ...
RJ> Proxyrequst off
RJ> .....
RJ> X-Forwarded-For
RJ> ....
RJ> </virtualhost>
RJ>

So, don't put the X-Forwarded-For statement there.

RJ>
RJ> Is above the correct way to use it? I am not much care about the
RJ> remote IP being logged in the Apache log but I am care about the
RJ> remote client IP being forwarded to the backend server since our
RJ> backend server will decide what to do based on the remote client IP.
RJ> Thanks.
RJ>

For the backend server to be able to "see" the remote client IP, as if it
was the real client IP, your application will have to be aware of the
X-Forwarded-For. Depending on what technology you are using on the
backend, the answer may be different about how to make your backend be
aware of X-Forwarded-For header. Regardless of the technology, you
probably should read up on the XFF entry at wikipedia:
http://en.wikipedia.org/wiki/X-Forwarded-For
And again, regardless of the tech, the HTTP request will contain the
X-Forwarded-For header. On my java projects, I use xebia-france
XForwardedFilter at:
http://code.google.com/p/xebia-france/wiki/XForwardedFilter

YMMV,

RJ>
RJ> Ryan
RJ>

Cheers,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


Ruiyuan_Jiang at liz

Dec 1, 2009, 7:23 AM

Post #6 of 16 (2670 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

Hi, William

For your answer to my question 1, current I use BlueCoat reverse proxy which is passing internet remote client IP to the backend server. We'd like to migrate the reverse proxy server to Apache server. The rest network setup has not been changed.

For your answer to my question2, it is my fault that I did not post all the related statements. Here they are:

<Proxy balancer://backend>
BalancerMember https://backend1:443 keepalive=on
BalancerMember https://backend2:443 keepalive=on
</Proxy>
ProxyPass / balancer://backend/
ProxyPassReverse / balancer://backend/ stickysession=JSESSIONID|jsessionid

Like I said, the Apache does not stick the https session to one particular server for the session.

Ryan Jiang

-----Original Message-----
From: William A. Rowe Jr. [mailto:wrowe [at] rowe-clan]
Sent: Monday, November 30, 2009 9:14 PM
To: users [at] httpd
Subject: Re: [users [at] http] Passing remote client IP address to backend server and session stickness

I realize I just answered you, but in response to your explicit and
specific questions;

Ruiyuan Jiang wrote:
>
> Question 1: Is there a way to pass Internet users' IP address to backend server through Apache reverse proxy server? I am testing that feature so far no luck. My backend server gets Apache proxy server's IP address. But I'd like to have Internet users' IP being passed through Apache. This is http request.

Only if this information has been shared with you by the upstream proxy
or router/gateway/forward proxy. E.g. - what mod_remoteip is designed
to decode, ---when the information is presented---.

> Question 2: I am testing another Apache reverse proxy which proxies two backend https servers. I am trying to use mod_proxy_balancer.
>
> <proxy balancer://mycluster>
> Balancermember https://192.168.1.1:443 keepalive=on
> Balancermember https://192.168.1.2:443 keepalive=on
> </proxy>
>
> Proxypass /test balancer:mycluster/
>
> When I test to access the site, I got login prompt from first server which I saw from access log. I typed in login name and password. I got the login prompt back but from the log I saw the connectivity was back from server 2. It seems to me like round robin connection to backend server by Apache. I tried with keyword "JSESSION" but no luck. Does anyone know how to configure Apache so the same connection always goes through the same backend https (http) server. Thanks in advance.

Are you forgetting your ProxyPassReverse statements? As of the current
version, the syntax above (but wtf happened to your // before mycluster???)
would work just fine for a ProxyPassReverse rule.

> This message (including any attachments) is intended
> solely for the specific individual(s) or entity(ies) named
> above, and may contain legally privileged and
> confidential information. If you are not the intended
> recipient, please notify the sender immediately by
> replying to this message and then delete it.
> Any disclosure, copying, or distribution of this message,
> or the taking of any action based on it, by other than the
> intended recipient, is strictly prohibited.

You have emailed a public list. Your intended individuals are the world.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


Ruiyuan_Jiang at liz

Dec 1, 2009, 7:29 AM

Post #7 of 16 (2664 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

Hi, Haroon

Thanks for the reply. Do you mean they are automatically activated for reverse proxy? Unfortunately it does not work for me if they are activated. My backend server will be Oracle 9iAS or Oracle 10gAS.

Ryan

-----Original Message-----
From: Haroon Rafique [mailto:haroon.rafique [at] utoronto]
Sent: Tuesday, December 01, 2009 10:23 AM
To: users [at] httpd
Subject: RE: [users [at] http] Passing remote client IP address to backend server and session stickness

On Today at 10:09am, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, Haroon
RJ>
RJ> I see that also but I don't know how to use them. I put the statement
RJ> into my vhost of Apache reverse proxy and the apache complaining they
RJ> are wrong statement, etc.
RJ>

Hi Ryan,

X-Forwarded-For is not a statement that goes inside the httpd.conf. The
documentation page is just telling you that these headers are already
available to you, if you are using reverse-proxy.

RJ>
RJ> <virtualhost>
RJ>
RJ> ...
RJ> Proxyrequst off
RJ> .....
RJ> X-Forwarded-For
RJ> ....
RJ> </virtualhost>
RJ>

So, don't put the X-Forwarded-For statement there.

RJ>
RJ> Is above the correct way to use it? I am not much care about the
RJ> remote IP being logged in the Apache log but I am care about the
RJ> remote client IP being forwarded to the backend server since our
RJ> backend server will decide what to do based on the remote client IP.
RJ> Thanks.
RJ>

For the backend server to be able to "see" the remote client IP, as if it
was the real client IP, your application will have to be aware of the
X-Forwarded-For. Depending on what technology you are using on the
backend, the answer may be different about how to make your backend be
aware of X-Forwarded-For header. Regardless of the technology, you
probably should read up on the XFF entry at wikipedia:
http://en.wikipedia.org/wiki/X-Forwarded-For
And again, regardless of the tech, the HTTP request will contain the
X-Forwarded-For header. On my java projects, I use xebia-france
XForwardedFilter at:
http://code.google.com/p/xebia-france/wiki/XForwardedFilter

YMMV,

RJ>
RJ> Ryan
RJ>

Cheers,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


Ruiyuan_Jiang at liz

Dec 1, 2009, 7:32 AM

Post #8 of 16 (2671 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

Hi, Haroon

I read http://en.wikipedia.org/wiki/X-Forwarded-For yesterday and I did not see Apache listed there. I saw squid, bluecoat, etc. listed there so I was thinking to test squid with the feature. What is your suggestion? Thanks.

Ryan

-----Original Message-----
From: Haroon Rafique [mailto:haroon.rafique [at] utoronto]
Sent: Tuesday, December 01, 2009 10:23 AM
To: users [at] httpd
Subject: RE: [users [at] http] Passing remote client IP address to backend server and session stickness

On Today at 10:09am, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, Haroon
RJ>
RJ> I see that also but I don't know how to use them. I put the statement
RJ> into my vhost of Apache reverse proxy and the apache complaining they
RJ> are wrong statement, etc.
RJ>

Hi Ryan,

X-Forwarded-For is not a statement that goes inside the httpd.conf. The
documentation page is just telling you that these headers are already
available to you, if you are using reverse-proxy.

RJ>
RJ> <virtualhost>
RJ>
RJ> ...
RJ> Proxyrequst off
RJ> .....
RJ> X-Forwarded-For
RJ> ....
RJ> </virtualhost>
RJ>

So, don't put the X-Forwarded-For statement there.

RJ>
RJ> Is above the correct way to use it? I am not much care about the
RJ> remote IP being logged in the Apache log but I am care about the
RJ> remote client IP being forwarded to the backend server since our
RJ> backend server will decide what to do based on the remote client IP.
RJ> Thanks.
RJ>

For the backend server to be able to "see" the remote client IP, as if it
was the real client IP, your application will have to be aware of the
X-Forwarded-For. Depending on what technology you are using on the
backend, the answer may be different about how to make your backend be
aware of X-Forwarded-For header. Regardless of the technology, you
probably should read up on the XFF entry at wikipedia:
http://en.wikipedia.org/wiki/X-Forwarded-For
And again, regardless of the tech, the HTTP request will contain the
X-Forwarded-For header. On my java projects, I use xebia-france
XForwardedFilter at:
http://code.google.com/p/xebia-france/wiki/XForwardedFilter

YMMV,

RJ>
RJ> Ryan
RJ>

Cheers,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


haroon.rafique at utoronto

Dec 1, 2009, 7:57 AM

Post #9 of 16 (2673 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

On Today at 10:29am, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, Haroon
RJ>
RJ> Thanks for the reply. Do you mean they are automatically activated for
RJ> reverse proxy?

Yes.

RJ>
RJ> Unfortunately it does not work for me if they are activated.
RJ>

What does not work? The X-Forwarded-For header *is* there and that's where
the automatic part ends. Is your application looking for it? Looking for
it in what way?

RJ>
RJ> My backend server will be Oracle 9iAS or Oracle 10gAS.
RJ>

Seems like you are on the java platform. How about deploying a test
servlet? or a jsp as follows:

<%= request.getHeader("X-Forwarded-For") %>

On an aside, mod_remoteip does all of the address figuring out in apache
land. AFAIK, it is only bundled with apache 2.3. I see that you are asking
on another thread about how to include mod_remoteip in apache 2.2 land.

Again, I can only tell you about my experiences. I use apache 2.2.x with
mod_proxy in a reverse-proxy configruation. For my java app, I use
xebia-france XForwardedFilter (which is a java port of mod_remoteip).

RJ>
RJ> Ryan
RJ>

Cheers,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


Ruiyuan_Jiang at liz

Dec 1, 2009, 8:29 AM

Post #10 of 16 (2663 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

Hi, Haroon

Where do you see Apache 2.3? I don't see on the office Apache web site.
Also where should I apply:

<%= request.getHeader("X-Forwarded-For") %>

In my Apache reverse proxy server? Thanks.

Ryan

-----Original Message-----
From: Haroon Rafique [mailto:haroon.rafique [at] utoronto]
Sent: Tuesday, December 01, 2009 10:57 AM
To: users [at] httpd
Subject: RE: [users [at] http] Passing remote client IP address to backend server and session stickness

On Today at 10:29am, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, Haroon
RJ>
RJ> Thanks for the reply. Do you mean they are automatically activated for
RJ> reverse proxy?

Yes.

RJ>
RJ> Unfortunately it does not work for me if they are activated.
RJ>

What does not work? The X-Forwarded-For header *is* there and that's where
the automatic part ends. Is your application looking for it? Looking for
it in what way?

RJ>
RJ> My backend server will be Oracle 9iAS or Oracle 10gAS.
RJ>

Seems like you are on the java platform. How about deploying a test
servlet? or a jsp as follows:

<%= request.getHeader("X-Forwarded-For") %>

On an aside, mod_remoteip does all of the address figuring out in apache
land. AFAIK, it is only bundled with apache 2.3. I see that you are asking
on another thread about how to include mod_remoteip in apache 2.2 land.

Again, I can only tell you about my experiences. I use apache 2.2.x with
mod_proxy in a reverse-proxy configruation. For my java app, I use
xebia-france XForwardedFilter (which is a java port of mod_remoteip).

RJ>
RJ> Ryan
RJ>

Cheers,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


tevans.uk at googlemail

Dec 1, 2009, 8:50 AM

Post #11 of 16 (2666 views)
Permalink
Re: Passing remote client IP address to backend server and session stickness [In reply to]

On Tue, Dec 1, 2009 at 4:29 PM, Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:
> Hi, Haroon
>
> Where do you see Apache 2.3? I don't see on the office Apache web site.
> Also where should I apply:
>
> <%= request.getHeader("X-Forwarded-For") %>
>
> In my Apache reverse proxy server? Thanks.
>
> Ryan
>

Apache 2.3 is apache development branch.

When apache acts as a reverse proxy it automatically adds the
X-Forwarded-For header to the incoming request. It does this
automatically, it is part of what reverse proxies do.

Your application server can see this header and update itself to use
the IP address in this header as the 'real' IP address of the
connection.

mod_remoteip is an apache module in apache 2.3 that does this. For you
to use this, your application server must be apache.

It seems like your application server is not apache, it is some sort
of java application server. mod_remoteip would not be a solution for
that. Simply stfw for 'x-forwarded-for <name of your app server>' for
potential solutions:

http://lmgtfy.com/?q=oracle+10+x-forwarded-for
http://lmgtfy.com/?q=oracle+9+x-forwarded-for

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


haroon.rafique at utoronto

Dec 1, 2009, 8:54 AM

Post #12 of 16 (2663 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

On Today at 11:29am, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, Haroon
RJ>
RJ> Where do you see Apache 2.3? I don't see on the office Apache web site.


As of yet unreleased. If I remember correctly, 2.3 will be the unstable
branch and 2.4 (when released) will be the stable version.


RJ> Also where should I apply:
RJ>
RJ> <%= request.getHeader("X-Forwarded-For") %>
RJ>
RJ> In my Apache reverse proxy server? Thanks.
RJ>

No, that is the content of .jsp which you could deploy on your Oracle app
server. Are you a java developer or sysadmin? If not a java developer,
then ask your java devs for some help.

RJ> Ryan
RJ>

Later,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


Ruiyuan_Jiang at liz

Dec 1, 2009, 8:56 AM

Post #13 of 16 (2668 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

I am a sysadmin, Haroon. Thanks.


-----Original Message-----
From: Haroon Rafique [mailto:haroon.rafique [at] utoronto]
Sent: Tuesday, December 01, 2009 11:55 AM
To: users [at] httpd
Subject: RE: [users [at] http] Passing remote client IP address to backend server and session stickness

On Today at 11:29am, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, Haroon
RJ>
RJ> Where do you see Apache 2.3? I don't see on the office Apache web site.


As of yet unreleased. If I remember correctly, 2.3 will be the unstable
branch and 2.4 (when released) will be the stable version.


RJ> Also where should I apply:
RJ>
RJ> <%= request.getHeader("X-Forwarded-For") %>
RJ>
RJ> In my Apache reverse proxy server? Thanks.
RJ>

No, that is the content of .jsp which you could deploy on your Oracle app
server. Are you a java developer or sysadmin? If not a java developer,
then ask your java devs for some help.

RJ> Ryan
RJ>

Later,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


Ruiyuan_Jiang at liz

Dec 1, 2009, 9:01 AM

Post #14 of 16 (2658 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

Thanks, Tom

I will check with my developers here. By the way, is apache done differently for X-Forwarded-For than the rest reverse proxy vendors?

Ryan

-----Original Message-----
From: Tom Evans [mailto:tevans.uk [at] googlemail]
Sent: Tuesday, December 01, 2009 11:51 AM
To: users [at] httpd
Subject: Re: [users [at] http] Passing remote client IP address to backend server and session stickness

On Tue, Dec 1, 2009 at 4:29 PM, Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:
> Hi, Haroon
>
> Where do you see Apache 2.3? I don't see on the office Apache web site.
> Also where should I apply:
>
> <%= request.getHeader("X-Forwarded-For") %>
>
> In my Apache reverse proxy server? Thanks.
>
> Ryan
>

Apache 2.3 is apache development branch.

When apache acts as a reverse proxy it automatically adds the
X-Forwarded-For header to the incoming request. It does this
automatically, it is part of what reverse proxies do.

Your application server can see this header and update itself to use
the IP address in this header as the 'real' IP address of the
connection.

mod_remoteip is an apache module in apache 2.3 that does this. For you
to use this, your application server must be apache.

It seems like your application server is not apache, it is some sort
of java application server. mod_remoteip would not be a solution for
that. Simply stfw for 'x-forwarded-for <name of your app server>' for
potential solutions:

http://lmgtfy.com/?q=oracle+10+x-forwarded-for
http://lmgtfy.com/?q=oracle+9+x-forwarded-for

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


tevans.uk at googlemail

Dec 1, 2009, 9:03 AM

Post #15 of 16 (2667 views)
Permalink
Re: Passing remote client IP address to backend server and session stickness [In reply to]

On Tue, Dec 1, 2009 at 5:01 PM, Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:
> Thanks, Tom
>
> I will check with my developers here. By the way, is apache done differently for X-Forwarded-For than the rest reverse proxy vendors?
>
> Ryan
>

No.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


Ruiyuan_Jiang at liz

Dec 4, 2009, 8:00 AM

Post #16 of 16 (2582 views)
Permalink
RE: Passing remote client IP address to backend server and session stickness [In reply to]

Hi, Haroon and Tom

I think I found the problem but I have to wait for backend Oracle DB to make a change to test.

But it seems nobody answers my question 2.

Ryan

-----Original Message-----
From: Haroon Rafique [mailto:haroon.rafique [at] utoronto]
Sent: Tuesday, December 01, 2009 10:57 AM
To: users [at] httpd
Subject: RE: [users [at] http] Passing remote client IP address to backend server and session stickness

On Today at 10:29am, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang [at] liz> wrote:

RJ> Hi, Haroon
RJ>
RJ> Thanks for the reply. Do you mean they are automatically activated for
RJ> reverse proxy?

Yes.

RJ>
RJ> Unfortunately it does not work for me if they are activated.
RJ>

What does not work? The X-Forwarded-For header *is* there and that's where
the automatic part ends. Is your application looking for it? Looking for
it in what way?

RJ>
RJ> My backend server will be Oracle 9iAS or Oracle 10gAS.
RJ>

Seems like you are on the java platform. How about deploying a test
servlet? or a jsp as follows:

<%= request.getHeader("X-Forwarded-For") %>

On an aside, mod_remoteip does all of the address figuring out in apache
land. AFAIK, it is only bundled with apache 2.3. I see that you are asking
on another thread about how to include mod_remoteip in apache 2.2 land.

Again, I can only tell you about my experiences. I use apache 2.2.x with
mod_proxy in a reverse-proxy configruation. For my java app, I use
xebia-france XForwardedFilter (which is a java port of mod_remoteip).

RJ>
RJ> Ryan
RJ>

Cheers,
--
Haroon Rafique
<haroon.rafique [at] utoronto>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.