At 14:19 14/09/2001 +0800, Fritz Mesedilla wrote:
My setup right now has apache in front then zope. When I do a <dtml-var REMOTE_ADDR> it gives the address of the apache server. Is there a way to get the address of the visitor and not the apache server?
There is a patch for Apache which leads it, when acting as a Proxy, to forward the incoming request information it is seeing in an HTTP VIA header (See RFC2616) which it adds to the request. There is info about this patch at http://www.zope.org/Members/unfo/apache_zserver_ssl but I've not yet used it myself. Using this makes things a bit messy, which is why I'm not going with it yet, as you would have to look in REMOTE_ADDR and if that contained your Proxy Apache's IP number then test against the VIA header. The problem is that this HTTP header was not intended for forwarding information about the originating client but for adding information about intermediate proxies and gateways that have handled the incoming request. Depending on how the patch is implemented, i.e. does it add information to any pre-existing VIA header or replace it, the header could contain information about other intermediate Proxies. Probably the best you can do is determine that the request originated outside your domain rather than getting an absolute determination of the ultimate client's IP number. Bear in mind that if the incoming request came through another proxy server your Apache Proxy would see the request as coming from that other proxy's IP number and have no way of determining the ultimate origin of the request. Best of luck.
Thanks.
Fritz Mesedilla Systems Administrator
Summit Interactive, Inc. FHM | Seventeen | Candy | Cosmopolitan | Preview | Good Housekeeping femalenetwork.com | candymag.com | fhm.com.ph | cosmo.com.ph
Palm Pilot Software: TVSked - Download from the link below ---------------------------------------------------------------------------- http://mesedilla.tripod.com +Basta Ikaw Lord
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
On Fri, 2001-09-14 at 01:17, Richard Barrett wrote:
At 14:19 14/09/2001 +0800, Fritz Mesedilla wrote:
My setup right now has apache in front then zope. When I do a <dtml-var REMOTE_ADDR> it gives the address of the apache server. Is there a way to get the address of the visitor and not the apache server?
There is a patch for Apache which leads it, when acting as a Proxy, to forward the incoming request information it is seeing in an HTTP VIA header (See RFC2616) which it adds to the request. There is info about this patch at http://www.zope.org/Members/unfo/apache_zserver_ssl but I've not yet used it myself.
I don't think the patch is needed anymore. I have a proxy_pass server setup, and use the "ProxyVia Full" directive. Not only can I use <dtml-var REMOTE_ADDR>, but the original IP also shows up in the Z2.log file. Apache version is 1.3.19-5 (Included in RH 7.1). Bill Anderson
Greetings Bill! Is it possible to use ProxyVia with mod_rewrite since we use rewrite to hide the port number and folder of the zope websites? Thanks. Fritz Mesedilla Systems Administrator Summit Interactive, Inc. FHM | Seventeen | Candy | Cosmopolitan | Preview | Good Housekeeping femalenetwork.com | candymag.com | fhm.com.ph | cosmo.com.ph Palm Pilot Software: TVSked - Download from the link below ---------------------------------------------------------------------------- http://mesedilla.tripod.com +Basta Ikaw Lord -----Original Message----- From: Bill Anderson [mailto:bill@immosys.com] Sent: Sunday, September 16, 2001 1:36 AM To: Richard Barrett Cc: fritz.mesedilla@summitmedia.com.ph; Zope Mailing List Subject: Re: [Zope] remote address On Fri, 2001-09-14 at 01:17, Richard Barrett wrote:
At 14:19 14/09/2001 +0800, Fritz Mesedilla wrote:
My setup right now has apache in front then zope. When I do a <dtml-var REMOTE_ADDR> it gives the address of the apache server. Is there a way to get the address of the visitor and not the apache server?
There is a patch for Apache which leads it, when acting as a Proxy, to forward the incoming request information it is seeing in an HTTP VIA header (See RFC2616) which it adds to the request. There is info about this patch at http://www.zope.org/Members/unfo/apache_zserver_ssl but I've not yet used it myself.
I don't think the patch is needed anymore. I have a proxy_pass server setup, and use the "ProxyVia Full" directive. Not only can I use <dtml-var REMOTE_ADDR>, but the original IP also shows up in the Z2.log file. Apache version is 1.3.19-5 (Included in RH 7.1). Bill Anderson
On Mon, Sep 17, 2001 at 11:35:24AM +0800, Fritz Mesedilla wrote:
Is it possible to use ProxyVia with mod_rewrite since we use rewrite to hide the port number and folder of the zope websites?
I haven't tried it yet, but it looks like if you use the [P] directive in your RewriteRules, it'll hand it off to mod_proxy, and in that case you'd get access to the ProxyVia stuff. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
yes i do use [P] as a matter of fact i use [P,L]. i'll check on that. thanks. Fritz Mesedilla Systems Administrator Summit Interactive, Inc. FHM | Seventeen | Candy | Cosmopolitan | Preview | Good Housekeeping femalenetwork.com | candymag.com | fhm.com.ph | cosmo.com.ph Palm Pilot Software: TVSked - Download from the link below ---------------------------------------------------------------------------- http://mesedilla.tripod.com +Basta Ikaw Lord -----Original Message----- From: Mike Renfro [mailto:renfro@tntech.edu] Sent: Monday, September 17, 2001 9:19 PM To: Fritz Mesedilla Cc: Zope Mailing List Subject: Re: [Zope] remote address On Mon, Sep 17, 2001 at 11:35:24AM +0800, Fritz Mesedilla wrote:
Is it possible to use ProxyVia with mod_rewrite since we use rewrite to hide the port number and folder of the zope websites? I haven't tried it yet, but it looks like if you use the [P] directive in your RewriteRules, it'll hand it off to mod_proxy, and in that case you'd get access to the ProxyVia stuff. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
On Mon, 17 Sep 2001, Mike Renfro wrote:
On Mon, Sep 17, 2001 at 11:35:24AM +0800, Fritz Mesedilla wrote:
Is it possible to use ProxyVia with mod_rewrite since we use rewrite to hide the port number and folder of the zope websites?
I haven't tried it yet, but it looks like if you use the [P] directive in your RewriteRules, it'll hand it off to mod_proxy, and in that case you'd get access to the ProxyVia stuff.
Won't you still have the problem that your REQUEST will still contain the proxy itself, not the actual machine requesting the Web page? That's what I get anyway. Last I heard, you need to patch Apache to get it to send another HTTP header with the "real" requester information. Is this still true? (I'm using Apache 1.3.9, BTW) -Tim -- Tim Wilson | Visit Sibley online: | Check out: Henry Sibley HS | http://www.isd197.org | http://www.zope.com W. St. Paul, MN | | http://slashdot.org wilson@visi.com | <dtml-var pithy_quote> | http://linux.com
On Wed, 2001-09-26 at 09:57, Timothy Wilson wrote:
On Mon, 17 Sep 2001, Mike Renfro wrote:
On Mon, Sep 17, 2001 at 11:35:24AM +0800, Fritz Mesedilla wrote:
Is it possible to use ProxyVia with mod_rewrite since we use rewrite to hide the port number and folder of the zope websites?
I haven't tried it yet, but it looks like if you use the [P] directive in your RewriteRules, it'll hand it off to mod_proxy, and in that case you'd get access to the ProxyVia stuff.
Won't you still have the problem that your REQUEST will still contain the proxy itself, not the actual machine requesting the Web page? That's what I get anyway. Last I heard, you need to patch Apache to get it to send another HTTP header with the "real" requester information.
Is this still true? (I'm using Apache 1.3.9, BTW)
You missed a post or two. :) I have mod_proxy and use the ProxyVia Full directive, and the REMOTE_ADDR is the one of the browser (or their proxy if extant), not my proxy. I did not need to patch Apache, using Apache v. apache-1.3.19-5. I cannot say if 1.3.9 needs the patch or not. Bill
On 26 Sep 2001, Bill Anderson wrote:
I have mod_proxy and use the ProxyVia Full directive, and the REMOTE_ADDR is the one of the browser (or their proxy if extant), not my proxy. I did not need to patch Apache, using Apache v. apache-1.3.19-5. I cannot say if 1.3.9 needs the patch or not.
I don't think apache 1.3.9 supports this. I tried your suggestion, but nothing different happened. My server runs Debian 2.2 which uses 1.3.9. I've been waiting to upgrade the box until the next official Debian release. Can anyone running Debian 2.2 say for sure whether this is the problem? -Tim -- Tim Wilson | Visit Sibley online: | Check out: Henry Sibley HS | http://www.isd197.org | http://www.zope.com W. St. Paul, MN | | http://slashdot.org wilson@visi.com | <dtml-var pithy_quote> | http://linux.com
On Wed, Sep 26, 2001 at 01:57:50PM -0500, Timothy Wilson wrote:
I don't think apache 1.3.9 supports this. I tried your suggestion, but nothing different happened. My server runs Debian 2.2 which uses 1.3.9. I've been waiting to upgrade the box until the next official Debian release. Can anyone running Debian 2.2 say for sure whether this is the problem?
My 1.3.9 setup didn't work any better than yours. I backported 1.3.20 from Debian unstable to 2.2, but haven't yet seen if that's enough to fix it. It seems that in moving from 1.3.9 to 1.3.20, I broke jserv, php, and other things I had examples for in my VHost docs. At least Zope, CGI, and Apache static content still work. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
On Sun, 2001-09-16 at 21:35, Fritz Mesedilla wrote:
Greetings Bill!
Is it possible to use ProxyVia with mod_rewrite since we use rewrite to hide the port number and folder of the zope websites?
Hello Fritz, I dunno. My gut says no. Personally, I use SiteAccess for this. Bill Anderson
participants (5)
-
Bill Anderson -
Fritz Mesedilla -
Mike Renfro -
Richard Barrett -
Timothy Wilson