Passing remote client IP address to backend server and session stickiness

on 30.11.2009 22:37:18 by Ruiyuan Jiang

Hi, all

Question 1: Is there a way to pass Internet users' IP address to backend server through Apache reverse proxy server? I am testing that feature so far no luck. My backend server gets Apache proxy server's IP address. But I'd like to have Internet users' IP being passed through Apache. This is http request.

Question 2: I am testing another Apache reverse proxy which proxies two backend https servers. I am trying to use mod_proxy_balancer.


Balancermember https://192.168.1.1:443 keepalive=on
Balancermember https://192.168.1.2:443 keepalive=on


Proxypass /test balancer:mycluster/

When I test to access the site, I got login prompt from first server which I saw from access log. I typed in login name and password. I got the login prompt back but from the log I saw the connectivity was back from server 2. It seems to me like round robin connection to backend server by Apache. I tried with keyword "JSESSION" but no luck. Does anyone know how to configure Apache so the same connection always goes through the same backend https (http) server. Thanks in advance.

Ryan Jiang



This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 01:53:56 by Haroon Rafique

On Today at 4:37pm, RJ=>Ruiyuan Jiang wrote:

RJ> Hi, all
RJ>
RJ> Question 1: Is there a way to pass Internet users' IP address to
RJ> backend server through Apache reverse proxy server? I am testing that
RJ> feature so far no luck. My backend server gets Apache proxy server's
RJ> IP address. But I'd like to have Internet users' IP being passed
RJ> through Apache. This is http request.
RJ>

Hi Ruiyuan,

See:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers
you are interested in the X-Forwarded-For header.
Once you get it to your backend server, then you will need to figure out
how to get the information from that header into your logs (or wherever
else). You may need to take extra care as multiple proxies can be in the
path, so only trust this information if coming straight from your own
reverse proxy.

RJ>
RJ> [..snip..]
RJ>

Later,
--
Haroon Rafique
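
Added example, not part of the original thread or of any project mentioned in it: the trust rule from the reply above (use X-Forwarded-For only when the request arrives straight from your own reverse proxy), written as the right-to-left walk a backend can apply to the header. The proxy range, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumed for this example: the address range of the reverse proxies you operate.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr lies inside one of our own proxy networks."""
    return any(addr in net for net in trusted)


def resolve_client_ip(peer_addr, xff_headers, trusted=TRUSTED_PROXIES):
    """Return the address the backend should treat as the client.

    peer_addr   -- TCP peer address of the connection that reached the backend
    xff_headers -- list of X-Forwarded-For header values (the header may repeat)
    """
    peer = ipaddress.ip_address(peer_addr)

    # The request did not come from our proxy, so the header is whatever the
    # sender chose to write. Ignore it and use the connection address.
    if not is_trusted(peer, trusted):
        return str(peer)

    # Flatten repeated headers and comma-separated lists, keeping their order.
    hops = [h.strip() for value in xff_headers for h in value.split(",") if h.strip()]

    candidate = peer
    # Each proxy appends the address it saw, so the rightmost entry was written
    # by the hop closest to us. Walk right to left through our own proxies.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # "unknown", a hostname or an address with a port: stop here and
            # keep the last address we could verify.
            break
        candidate = addr
        if not is_trusted(addr, trusted):
            # First address outside our proxies: this is the client as seen by
            # our outermost proxy. Anything further left was client-supplied.
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed sample requests: (peer address, X-Forwarded-For values)
    samples = [
        ("10.0.0.5", ["203.0.113.7"]),              # normal proxied request
        ("10.0.0.5", ["1.2.3.4, 203.0.113.7"]),     # client sent its own header
        ("10.0.0.5", ["203.0.113.7, 10.0.0.6"]),    # two of our proxies in a row
        ("198.51.100.9", ["10.0.0.77"]),            # direct hit, forged header
        ("10.0.0.5", ["unknown"]),                  # unparseable entry
    ]
    for peer, xff in samples:
        print(f"{peer:15} {xff!s:32} -> {resolve_client_ip(peer, xff)}")
```
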




Re: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 03:14:01 by wrowe

I realize I just answered you, but in response to your explicit and
specific questions;

Ruiyuan Jiang wrote:
>
> Question 1: Is there a way to pass Internet users' IP address to backend server through Apache reverse proxy server? I am testing that feature so far no luck. My backend server gets Apache proxy server's IP address. But I'd like to have Internet users' IP being passed through Apache. This is http request.

Only if this information has been shared with you by the upstream proxy
or router/gateway/forward proxy. E.g. - what mod_remoteip is designed
to decode, ---when the information is presented---.

> Question 2: I am testing another Apache reverse proxy which proxies two backend https servers. I am trying to use mod_proxy_balancer.
>
>
> Balancermember https://192.168.1.1:443 keepalive=on
> Balancermember https://192.168.1.2:443 keepalive=on
>

>
> Proxypass /test balancer:mycluster/
>
> When I test to access the site, I got login prompt from first server which I saw from access log. I typed in login name and password. I got the login prompt back but from the log I saw the connectivity was back from server 2. It seems to me like round robin connection to backend server by Apache. I tried with keyword "JSESSION" but no luck. Does anyone know how to configure Apache so the same connection always goes through the same backend https (http) server. Thanks in advance.

Are you forgetting your ProxyPassReverse statements? As of the current
version, the syntax above (but wtf happened to your // before mycluster???)
would work just fine for a ProxyPassReverse rule.

> This message (including any attachments) is intended
> solely for the specific individual(s) or entity(ies) named
> above, and may contain legally privileged and
> confidential information. If you are not the intended
> recipient, please notify the sender immediately by
> replying to this message and then delete it.
> Any disclosure, copying, or distribution of this message,
> or the taking of any action based on it, by other than the
> intended recipient, is strictly prohibited.

You have emailed a public list. Your intended individuals are the world.


RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 16:09:04 by Ruiyuan Jiang

Hi, Haroon

I see that also but I don't know how to use them. I put the statement into my vhost of Apache reverse proxy and the apache complaining they are wrong statement, etc.




....
Proxyrequst off
......
X-Forwarded-For
.....


Is above the correct way to use it? I am not much care about the remote IP being logged in the Apache log but I am care about the remote client IP being forwarded to the backend server since our backend server will decide what to do based on the remote client IP. Thanks.

Ryan



RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 16:23:10 by Haroon Rafique

On Today at 10:09am, RJ=>Ruiyuan Jiang wrote:

RJ> Hi, Haroon
RJ>
RJ> I see that also but I don't know how to use them. I put the statement
RJ> into my vhost of Apache reverse proxy and the apache complaining they
RJ> are wrong statement, etc.
RJ>

Hi Ryan,

X-Forwarded-For is not a statement that goes inside the httpd.conf. The
documentation page is just telling you that these headers are already
available to you, if you are using reverse-proxy.

RJ>
RJ>
RJ>
RJ> ...
RJ> Proxyrequst off
RJ> .....
RJ> X-Forwarded-For
RJ> ....
RJ>

RJ>

So, don't put the X-Forwarded-For statement there.

RJ>
RJ> Is above the correct way to use it? I am not much care about the
RJ> remote IP being logged in the Apache log but I am care about the
RJ> remote client IP being forwarded to the backend server since our
RJ> backend server will decide what to do based on the remote client IP.
RJ> Thanks.
RJ>

For the backend server to be able to "see" the remote client IP, as if it
was the real client IP, your application will have to be aware of the
X-Forwarded-For. Depending on what technology you are using on the
backend, the answer may be different about how to make your backend be
aware of X-Forwarded-For header. Regardless of the technology, you
probably should read up on the XFF entry at wikipedia:
http://en.wikipedia.org/wiki/X-Forwarded-For
And again, regardless of the tech, the HTTP request will contain the
X-Forwarded-For header. On my java projects, I use xebia-france
XForwardedFilter at:
http://code.google.com/p/xebia-france/wiki/XForwardedFilter

YMMV,

RJ>
RJ> Ryan
RJ>

Cheers,
--
Haroon Rafique




RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 16:23:59 by Ruiyuan Jiang

Hi, William

For your answer to my question 1, current I use BlueCoat reverse proxy which is passing internet remote client IP to the backend server. We'd like to migrate the reverse proxy server to Apache server. The rest network setup has not been changed.

For your answer to my question2, it is my fault that I did not post all the related statements. Here they are:


BalancerMember https://backend1:443 keepalive=on
BalancerMember https://backend2:443 keepalive=on

ProxyPass / balancer://backend/
ProxyPassReverse / balancer://backend/ stickysession=JSESSIONID|jsessionid

Like I said, the Apache does not stick the https session to one particular server for the session.

Ryan Jiang


RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 16:29:44 by Ruiyuan Jiang

Hi, Haroon

Thanks for the reply. Do you mean they are automatically activated for reverse proxy? Unfortunately it does not work for me if they are activated. My backend server will be Oracle 9iAS or Oracle 10gAS.

Ryan


RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 16:32:11 by Ruiyuan Jiang

Hi, Haroon

I read http://en.wikipedia.org/wiki/X-Forwarded-For yesterday and I did not see Apache listed there. I saw squid, bluecoat, etc. listed there so I was thinking to test squid with the feature. What is your suggestion? Thanks.

Ryan


RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 16:57:07 by Haroon Rafique

On Today at 10:29am, RJ=>Ruiyuan Jiang wrote:

RJ> Hi, Haroon
RJ>
RJ> Thanks for the reply. Do you mean they are automatically activated for
RJ> reverse proxy?

Yes.

RJ>
RJ> Unfortunately it does not work for me if they are activated.
RJ>

What does not work? The X-Forwarded-For header *is* there and that's where
the automatic part ends. Is your application looking for it? Looking for
it in what way?

RJ>
RJ> My backend server will be Oracle 9iAS or Oracle 10gAS.
RJ>

Seems like you are on the java platform. How about deploying a test
servlet? or a jsp as follows:

<%= request.getHeader("X-Forwarded-For") %>

On an aside, mod_remoteip does all of the address figuring out in apache
land. AFAIK, it is only bundled with apache 2.3. I see that you are asking
on another thread about how to include mod_remoteip in apache 2.2 land.

Again, I can only tell you about my experiences. I use apache 2.2.x with
mod_proxy in a reverse-proxy configuration. For my java app, I use
xebia-france XForwardedFilter (which is a java port of mod_remoteip).

RJ>
RJ> Ryan
RJ>

Cheers,
--
Haroon Rafique




RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 17:29:21 by Ruiyuan Jiang

Hi, Haroon

Where do you see Apache 2.3? I don't see on the office Apache web site.
Also where should I apply:

<%= request.getHeader("X-Forwarded-For") %>

In my Apache reverse proxy server? Thanks.

Ryan


Re: Passing remote client IP address to backend server

on 01.12.2009 17:50:33 by Tom Evans

On Tue, Dec 1, 2009 at 4:29 PM, Ruiyuan Jiang wrote:
> Hi, Haroon
>
> Where do you see Apache 2.3? I don't see on the office Apache web site.
> Also where should I apply:
>
> <%= request.getHeader("X-Forwarded-For") %>
>
> In my Apache reverse proxy server? Thanks.
>
> Ryan
>

Apache 2.3 is apache development branch.

When apache acts as a reverse proxy it automatically adds the
X-Forwarded-For header to the incoming request. It does this
automatically, it is part of what reverse proxies do.

Your application server can see this header and update itself to use
the IP address in this header as the 'real' IP address of the
connection.

mod_remoteip is an apache module in apache 2.3 that does this. For you
to use this, your application server must be apache.

It seems like your application server is not apache, it is some sort
of java application server. mod_remoteip would not be a solution for
that. Simply stfw for 'x-forwarded-for ' for
potential solutions:

http://lmgtfy.com/?q=oracle+10+x-forwarded-for
http://lmgtfy.com/?q=oracle+9+x-forwarded-for

Tom


RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 17:54:50 by Haroon Rafique

On Today at 11:29am, RJ=>Ruiyuan Jiang wrote:

RJ> Hi, Haroon
RJ>
RJ> Where do you see Apache 2.3? I don't see on the office Apache web site.


As of yet unreleased. If I remember correctly, 2.3 will be the unstable
branch and 2.4 (when released) will be the stable version.


RJ> Also where should I apply:
RJ>
RJ> <%= request.getHeader("X-Forwarded-For") %>
RJ>
RJ> In my Apache reverse proxy server? Thanks.
RJ>

No, that is the content of .jsp which you could deploy on your Oracle app
server. Are you a java developer or sysadmin? If not a java developer,
then ask your java devs for some help.

RJ> Ryan
RJ>

Later,
--
Haroon Rafique




RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 17:56:42 by Ruiyuan Jiang

I am a sysadmin, Haroon. Thanks.



RE: Passing remote client IP address to backend server and session stickiness

on 01.12.2009 18:01:58 by Ruiyuan Jiang

Thanks, Tom

I will check with my developers here. By the way, is apache done differently for X-Forwarded-For than the rest reverse proxy vendors?

Ryan

-----Original Message-----
From: Tom Evans [mailto:tevans.uk@googlemail.com]
Sent: Tuesday, December 01, 2009 11:51 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Passing remote client IP address to backend server and session stickness

On Tue, Dec 1, 2009 at 4:29 PM, Ruiyuan Jiang wrote:
> Hi, Haroon
>
> Where do you see Apache 2.3? I don't see on the official Apache web site.
> Also where should I apply:
>
> <%= request.getHeader("X-Forwarded-For") %>
>
> In my Apache reverse proxy server? Thanks.
>
> Ryan
>

Apache 2.3 is apache development branch.

When apache acts as a reverse proxy it automatically adds the
X-Forwarded-For header to the incoming request. It does this
automatically, it is part of what reverse proxies do.

Your application server can see this header and update itself to use
the IP address in this header as the 'real' IP address of the
connection.

mod_remoteip is an apache module in apache 2.3 that does this. For you
to use this, your application server must be apache.

It seems like your application server is not apache, it is some sort
of java application server. mod_remoteip would not be a solution for
that. Simply stfw for 'x-forwarded-for ' for
potential solutions:

http://lmgtfy.com/?q=oracle+10+x-forwarded-for
http://lmgtfy.com/?q=oracle+9+x-forwarded-for

Tom


Re: Passing remote client IP address to backend server

on 01.12.2009 18:03:44 by Tom Evans

On Tue, Dec 1, 2009 at 5:01 PM, Ruiyuan Jiang wrote:
> Thanks, Tom
>
> I will check with my developers here. By the way, is apache done differently for X-Forwarded-For than the rest reverse proxy vendors?
>
> Ryan
>

No.

Cheers

Tom


RE: Passing remote client IP address to backend server and session stickness

on 04.12.2009 17:00:56 by Ruiyuan Jiang

Hi, Haroon and Tom

I think I found the problem but I have to wait for backend Oracle DB to make a change to test.

But it seems nobody answers my question 2.

Ryan

-----Original Message-----
From: Haroon Rafique [mailto:haroon.rafique@utoronto.ca]
Sent: Tuesday, December 01, 2009 10:57 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Passing remote client IP address to backend server and session stickness

On Today at 10:29am, RJ=>Ruiyuan Jiang wrote:

RJ> Hi, Haroon
RJ>
RJ> Thanks for the reply. Do you mean they are automatically activated for
RJ> reverse proxy?

Yes.

RJ>
RJ> Unfortunately it does not work for me if they are activated.
RJ>

What does not work? The X-Forwarded-For header *is* there and that's where
the automatic part ends. Is your application looking for it? Looking for
it in what way?

RJ>
RJ> My backend server will be Oracle 9iAS or Oracle 10gAS.
RJ>

Seems like you are on the java platform. How about deploying a test
servlet? or a jsp as follows:

<%= request.getHeader("X-Forwarded-For") %>

On an aside, mod_remoteip does all of the address figuring out in apache
land. AFAIK, it is only bundled with apache 2.3. I see that you are asking
on another thread about how to include mod_remoteip in apache 2.2 land.

Again, I can only tell you about my experiences. I use apache 2.2.x with
mod_proxy in a reverse-proxy configuration. For my java app, I use
xebia-france XForwardedFilter (which is a java port of mod_remoteip).

RJ>
RJ> Ryan
RJ>

Cheers,
--
Haroon Rafique
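
Both replies above leave it to the backend application to read X-Forwarded-For. As an added example (not code from the thread, from mod_remoteip or from XForwardedFilter), the plain-Java class below shows the trusted-proxy check that such code needs: the header is honored only when the connection comes from the reverse proxy, and its entries are read right to left. The proxy address 192.168.1.10 and the class and method names are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

/** Added example: resolve the client address from X-Forwarded-For, trusting only known proxies. */
public class ForwardedClientIp {

    // Hypothetical address of the Apache reverse proxy as seen by the backend.
    private static final Set<String> TRUSTED_PROXIES =
            new HashSet<>(Arrays.asList("192.168.1.10"));

    // Accept only characters that can appear in an IPv4 or IPv6 literal.
    private static final Pattern IP_LITERAL = Pattern.compile("[0-9A-Fa-f:.]{2,45}");

    /**
     * @param peerAddr     address of the TCP peer (request.getRemoteAddr() in a servlet)
     * @param forwardedFor raw X-Forwarded-For value, may be null
     */
    public static String resolve(String peerAddr, String forwardedFor) {
        // A peer that is not our proxy can put anything in the header: ignore it.
        if (forwardedFor == null || !TRUSTED_PROXIES.contains(peerAddr)) {
            return peerAddr;
        }
        String client = peerAddr;
        String[] hops = forwardedFor.split(",");
        // Each proxy appends the address it saw, so only the rightmost entry
        // was written by our own proxy. Walk from right to left.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!IP_LITERAL.matcher(hop).matches()) {
                break; // malformed entry: keep the last address we could vouch for
            }
            client = hop;
            if (!TRUSTED_PROXIES.contains(hop)) {
                break; // first untrusted hop is the client; entries left of it are unverified
            }
        }
        return client;
    }

    public static void main(String[] args) {
        // Constructed sample requests, not taken from the thread.
        System.out.println(resolve("192.168.1.10", "203.0.113.7"));           // request via the proxy
        System.out.println(resolve("192.168.1.10", "10.9.9.9, 203.0.113.7")); // client sent its own header
        System.out.println(resolve("198.51.100.4", "10.9.9.9"));              // direct connection
    }
}
```

In a servlet or JSP the two arguments would be `request.getRemoteAddr()` and `request.getHeader("X-Forwarded-For")`.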


