RPAFproxy_ips are not properly filtered out
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libapache2-mod-rpaf (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
description
=========
In case of multiple proxies in series, mod_rpaf does not take the correct ip address to fill out REMOTE_ADDR.
It takes the _last_ ip address,
it shoud however take the _last_ ip that is not RPAFproxy_ips.
steps to reproduce
===============
rpaf.conf
<IfModule mod_rpaf-2.0.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 ::1
</IfModule>
Have two proxies in series, both adjust header X-Forwarded-For
The https header arriving at apache is: X-Forwarded-For: 92.243.6.7, 127.0.0.1
expected result
=============
REMOTE_ADDRES = 92.243.6.7
It should not take 127.0.0.1 as that is in RPAFproxy_ips
actual result
==========
REMOTE_ADDRESS = 127.0.0.1
It does work correctly when only a single proxy is used.
So when the header is X-Forwarded-For: 92.243.6.7 -> REMOTE_ADDRESS is set correctly
version
======
ubuntu LTS 12.04
libapache2-mod-rpaf 0.6-2
details
======
It seems an old bug (fixed in 5.3) somehow reappered.
-- Pavel V. Rochnyack <email address hidden> Mon, 02 Nov 2009 13:15:17 +0600
libapache2-mod-rpaf (0.5-3) unstable; urgency=low
....
* Get last address in the header which is not in RPAFproxy_ips. Closes: #377190.
Please, test this patch: anonscm. debian. org/gitweb/ ?p=collab- maint/libapache 2-mod-rpaf. git;a=blob; f=debian/ patches/ 010_multiple_ proxies. patch
http://