Trouble with getting REMOTE_ADDR in Apache2 + mod_security from frontend reverse proxy

Trouble with getting REMOTE_ADDR in Apache2 + mod_security from frontend reverse proxy

am 17.08.2007 07:57:51 von vladimir

I use Nginx (listen IP x.x.x.x) as frontend and Apache-2.2.4 (listen
IP 127.0.0.1) + mod_security-2.1.1-r1 as backend. OS Gentoo Linux.
Mod_rpaf get "X-Forwarded-For" from Nginx and set REMOTE_ADDR from it
on Apache.
Apache see all requests as real clients IP.
But mod_security don't see this new REMOTE_ADDR. Mod_security see all
requests as from 127.0.0.1 and they can't be filtrable by client IP
conditions.

The same configuration with Nginx, Apache-1.3.37 and
mod_security-1.9.4 works fine.