REMOTE_ADDR is not updated, logs ok

Bug #1375778 reported by eljoest
This bug affects 7 people

Affects: libapache2-mod-rpaf (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Ubuntu 14.04.1 LTS
libapache2-mod-rpaf 0.6-12
apache2: 2.4.7-1ubuntu4.1
libapache2-mod-php5: 5.5.9+dfsg-1ubuntu4.4

* Problem:
The variable REMOTE_ADDR retains the proxy's IP address. The apache logfile shows the actual client IP.

* Details:
Dumping php's $_SERVER variable yields the following (relevant) entries:
HTTP_X_FORWARDED_PROTO=https
HTTP_X_FORWARDED_FOR=79.251.29.XXX
REMOTE_ADDR=192.168.55.1
REQUEST_SCHEME=https

I have enabled RPAF in /etc/apache2/mods-enabled/rpaf.conf and set the following additional option:
RPAFproxy_ips 192.168.55.1

The access.log with the correct IP uses the LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined.

I'm using a Debian host with mod-rpaf 0.6-7+wheezy1, php 5.4.4-14+deb7u14, apache 2.2.22-13+deb7u3 and identical configuration behind the same proxy without issues.

Might be related to Bug #1191076 iff rpaf is intercepting the request "too late".

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libapache2-mod-rpaf (Ubuntu):
status: New → Confirmed
Bryan Agee (bryanagee) wrote :

@eljoest: did you find a workaround?

Bryan Agee (bryanagee) wrote :

For anyone else needing a fix, this can be run in your bootstrap/config:
<?php //bootstrap.php, etc.

        // HACK: workaround for intermittent bug in libapache2-mod-rpaf 0.6-12
        // ( https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-rpaf/+bug/1375778 )
        if (in_array($_SERVER["REMOTE_ADDR"], ['192.168.55.1',/* other addresses here */])
                && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $_SERVER["REMOTE_ADDR"] = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
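
A stricter form of the workaround above, as an added example that is not part of the bug report or any commenter's code: it uses X-Forwarded-For only when the TCP peer is a listed proxy, walks the header right to left to the first hop that is not one of the listed proxies, and validates that hop as an IP address. The function name `resolve_client_ip`, the `$trusted` list and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not from the bug report or from mod_rpaf.
// Assumption: $trustedProxies lists every reverse proxy allowed to set X-Forwarded-For.

/**
 * Return the client address for a request, using X-Forwarded-For only
 * when the TCP peer is a known proxy. Hypothetical helper name.
 */
function resolve_client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // A peer that is not one of our proxies can put anything in the header,
    // so the header is ignored for direct connections.
    if (!in_array($peer, $trustedProxies, true)
        || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }

    // Each proxy appends the address it saw, so the rightmost entries are
    // the ones written by our own infrastructure. Walk right to left and
    // stop at the first hop that is not one of our proxies.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the TCP peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer; // header listed only our own proxies
}

// Constructed sample requests (documentation-range addresses, not from the report).
$trusted = ['192.168.55.1'];
$samples = [
    'single hop via proxy' => ['REMOTE_ADDR' => '192.168.55.1', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'extra left-hand entry' => ['REMOTE_ADDR' => '192.168.55.1', 'HTTP_X_FORWARDED_FOR' => '10.0.0.5, 203.0.113.7'],
    'direct connection' => ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
    'malformed header' => ['REMOTE_ADDR' => '192.168.55.1', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($samples as $label => $server) {
    printf("%-22s %s\n", $label, resolve_client_ip($server, $trusted));
}
```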

Sergey B Kirpichev (skirpichev) wrote :

@eljoest
Could you try the latest patches in the Debian repo?

This should solve your issue:
http://anonscm.debian.org/cgit/collab-maint/libapache2-mod-rpaf.git/commit/?id=0f36730a5ab286980ff893c245f3765cfae4a14c

This is to keep the old LogFormat (otherwise %h will not print the proxied IP, but you could use %a in LogFormat instead of this patch):
http://anonscm.debian.org/cgit/collab-maint/libapache2-mod-rpaf.git/commit/?id=9e8c30d4efd4e616a5886f151e421084202fc486

Btw, why don't you use the remoteip module?!

Martin PANEL (mortin) wrote :

The current stable version is bogus now.
Please release the fix.

Should we stop using the rpaf module and use the remoteip module?
Compared to mod_rpaf, the mod_remoteip documentation is very unclear.

Adam Strawson (adamstrawson) wrote :

Has there been any progress on this? Seems like quite a fundamental flaw in rpaf..
