On a similar note to my last posting, I have found mod-rpaf, reverse proxy add forward module for Apache (mod_rpaf), written by Thomas Eibner. This module works with both apache 1.3 and apache2, but is most interesting to me as an Apache2 module. Since we are running a Debian apache2 package, you can imagine my great pleasure in finding libapache2-mod-rpaf packaged as a Debian package. I simply installed the package:
apt-get install libapache2-mod-rpaf
modified /etc/apache2/mods-enabled/rpaf.conf to reflect the ip addresses of our proxy servers:
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 192.168.1.2 192.168.1.3 192.168.1.4
And, voila! Apache2 could now use the “original client ip” for access control again…
DON’T FORGET! If you have modified your LogFormat directive to replace “%h” (client ip address) with “%{X-Forwarded-For}i”, (contents of x-forwarded-for header), change them back, or your log files will not accurately reflect the changes created by mod-rpaf.
With a little side of applesauce...
Tuesday, January 30, 2007
Subscribe to:
Post Comments (Atom)
©2006 Shannon Eric Peevey

No comments:
Post a Comment