proxypass IPv4-over-IPv6 excludes X-Forwarded-For header

Bug #1895877 reported by ñull on 2020-09-16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)

Bug Description

Ubuntu 18.04.5 LTS
apache2 2.4.29-1ubuntu4.14

A IPv4 client accesses an Apache2 server configured with proxypass to a IPv6 capable backend. X-Forwarded-For header with the IPv4 is not passed to the backend. Work around is to force IPv4 with ProxySourceAddress <IPv4-address>. Expected behaviour is that it would pass the client's IPv4 without the work around. Even though the Proxy backend connection is IPv6, this does not mean that the X-Forwarded-For header becomes null. Documentation highlighted statement seems to underline this:

"IPv4-over-IPv6 Mapped Addresses
As with httpd in general, any IPv4-over-IPv6 mapped addresses are recorded in their IPv4 representation"

Revision history for this message
Paride Legovini (paride) wrote :

Hello and thanks for your bug report.

I didn't try to setup a reproducer, however this sounds like an upstream limitation of bug of apache2. If this is actually a bug, the actions we can take in Ubuntu to fix it very much depend on whether the bug has an upstream fix or not. A first step in this direction is checking if the bug is still present in Ubuntu 20.04, the latest LTS release. This is a coarse step, but should be reasonably easy to take and bounds the problem.

Are you willing to test your setup using proxypass on Ubuntu 20.04 and report back with your findings? Waiting for your reply I'm setting the status of this report to Incomplete, please change it back to New after commenting back and we'll look at it again. Thanks!

Changed in apache2 (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for apache2 (Ubuntu) because there has been no activity for 60 days.]

Changed in apache2 (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers