Mailing List Archive

Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6
I've got Apache 2.2.6 in production and we're *trialling* a new load balancer
which is able to create an X-FORWARDED-FOR header.

I wanted to keep things simple as possible, and it looked like mod_remoteip was
the module I wanted to use for this purpose. Simply using the mod_remoteip
directive "RemoteIPHeader X-Forwarded-For" should do what I wanted.

Then I found out how difficult it was to FIND the source for mod_remoteip. The
website decribed it as a BASE module, but that is apparently for Apache 2.3 and
up, since it's not evident in my 2.2.6 sources.

FINALLY (and this was a few weeks ago so I don't recall where) I found a source
file for mod_remoteip.c.

Then off to several conferences and returning to the office, I learn the trial
load balancer is on its way out the door in the next day or so.

Trying to compile mod_remoteip.c, I get errors suggesting that there was
apparently a change in the structure of modules between when this source was
created and the APXS that I'm trying to use from Apache 2.2.6 --

# /dlt/sw/httpd-2.2.6-cosign/bin/apxs -c mod_remoteip.c
/dlt/sw/httpd-2.2.6-cosign/build/libtool --silent --mode=compile cc -prefer-pic
-DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -D_LARGEFILE64_SOURCE
-g -I/dlt/sw/httpd-2.2.6-cosign/include -I/dlt/sw/httpd-2.2.6-cosign/include
-I/dlt/sw/httpd-2.2.6-cosign/include -c -o mod_remoteip.lo mod_remoteip.c
&& touch mod_remoteip.slo
"mod_remoteip.c", line 481: warning: function prototype parameters must have types
"mod_remoteip.c", line 481: warning: old-style declaration or incorrect type
for: AP_DECLARE_MODULE
"mod_remoteip.c", line 481: cannot initialize function: AP_DECLARE_MODULE
"mod_remoteip.c", line 481: cannot recover from previous errors
cc: acomp failed for mod_remoteip.c
apxs:Error: Command failed with rc=65536
.
#

Short of modifying the source code to backfit it to 2.2.6 (which I am at a loss
how to do), it's been suggested I look at mod_proxy, which is apparently part
of the base for 2.2.6 (I am explicitly NOT loading this module right now).
But I don't see the header "X-Forwarded-For" cited anywhere in the mod_proxy
documentation, and I would expect that if this is a typical use of mod_proxy,
there'd be SOMETHING like that noted there.

Thoughts on either the refitting for Apache 2.2.6 of mod_remoteip, using
mod_proxy for the same purpose, or some other method of achieving this with the
module's I've got to work with?

--
J.Lance Wilkinson ("Lance") InterNet: Lance.Wilkinson@psu.edu
Systems Design Specialist - Lead Phone: (814) 865-4870
Digital Library Technologies FAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6 [ In reply to ]
----- "J.Lance Wilkinson" <jlw12@psulias.psu.edu> wrote:

> I've got Apache 2.2.6 in production and we're *trialling* a new load
> balancer
> which is able to create an X-FORWARDED-FOR header.
>
> I wanted to keep things simple as possible, and it looked like
> mod_remoteip was
> the module I wanted to use for this purpose. Simply using the
> mod_remoteip
> directive "RemoteIPHeader X-Forwarded-For" should do what I wanted.
>
> Then I found out how difficult it was to FIND the source for
> mod_remoteip. The
> website decribed it as a BASE module, but that is apparently for
> Apache 2.3 and
> up, since it's not evident in my 2.2.6 sources.

mod_remoteip is a module from 2.3

http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html

Thus you can find it in:
Apache httpd's subversion respository in /trunk/
https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/proxy/

> FINALLY (and this was a few weeks ago so I don't recall where) I found
> a source
> file for mod_remoteip.c.
>
> Then off to several conferences and returning to the office, I learn
> the trial
> load balancer is on its way out the door in the next day or so.
>
> Trying to compile mod_remoteip.c, I get errors suggesting that there
> was
> apparently a change in the structure of modules between when this
> source was
> created and the APXS that I'm trying to use from Apache 2.2.6 --
>
> # /dlt/sw/httpd-2.2.6-cosign/bin/apxs -c mod_remoteip.c
> /dlt/sw/httpd-2.2.6-cosign/build/libtool --silent --mode=compile cc
> -prefer-pic
> -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT
> -D_LARGEFILE64_SOURCE
> -g -I/dlt/sw/httpd-2.2.6-cosign/include
> -I/dlt/sw/httpd-2.2.6-cosign/include
> -I/dlt/sw/httpd-2.2.6-cosign/include -c -o mod_remoteip.lo
> mod_remoteip.c
> && touch mod_remoteip.slo
> "mod_remoteip.c", line 481: warning: function prototype parameters
> must have types
> "mod_remoteip.c", line 481: warning: old-style declaration or
> incorrect type
> for: AP_DECLARE_MODULE
> "mod_remoteip.c", line 481: cannot initialize function:
> AP_DECLARE_MODULE
> "mod_remoteip.c", line 481: cannot recover from previous errors
> cc: acomp failed for mod_remoteip.c
> apxs:Error: Command failed with rc=65536
> .
> #

Yup, looks like it won't work with 2.2...

> Short of modifying the source code to backfit it to 2.2.6 (which I am
> at a loss
> how to do), it's been suggested I look at mod_proxy, which is
> apparently part
> of the base for 2.2.6 (I am explicitly NOT loading this module right
> now).
> But I don't see the header "X-Forwarded-For" cited anywhere in the
> mod_proxy
> documentation, and I would expect that if this is a typical use of
> mod_proxy,
> there'd be SOMETHING like that noted there.
>
> Thoughts on either the refitting for Apache 2.2.6 of mod_remoteip,
> using
> mod_proxy for the same purpose, or some other method of achieving this
> with the
> module's I've got to work with?

Have you considered using mod_rpaf for this kind of fun?

http://stderr.net/apache/rpaf/

It's a module for 2.2, that does exactly that.


> --
> J.Lance Wilkinson ("Lance") InterNet: Lance.Wilkinson@psu.edu
> Systems Design Specialist - Lead Phone: (814) 865-4870
> Digital Library Technologies FAX: (814) 863-3560
> E3 Paterno Library
> Penn State University
> University Park, PA 16802
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6 [ In reply to ]
Igor Galić wrote:
> mod_remoteip is a module from 2.3
>
> http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html
>
> Thus you can find it in:
> Apache httpd's subversion respository in /trunk/
> https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/proxy/

Yep, that's where I finally found it. Just needed a reminder.
>
>> FINALLY (and this was a few weeks ago so I don't recall where) I found
>> a source file for mod_remoteip.c.
......
>>
>> Thoughts on either the refitting for Apache 2.2.6 of mod_remoteip,
>> using mod_proxy for the same purpose, or some other method of achieving this
>> with the module's I've got to work with?
>
> Have you considered using mod_rpaf for this kind of fun?
>
> http://stderr.net/apache/rpaf/
>
> It's a module for 2.2, that does exactly that.

I wouldn't have ever heard of this without posting here, thanks.
Will look into this one right away.

--
J.Lance Wilkinson ("Lance") InterNet: Lance.Wilkinson@psu.edu
Systems Design Specialist - Lead Phone: (814) 865-4870
Digital Library Technologies FAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6 [ In reply to ]
On 10/19/2010 7:28 AM, J.Lance Wilkinson wrote:
>
> Short of modifying the source code to backfit it to 2.2.6 (which I am at a loss how to
> do), it's been suggested I look at mod_proxy, which is apparently part of the base for
> 2.2.6 (I am explicitly NOT loading this module right now). But I don't see the header
> "X-Forwarded-For" cited anywhere in the mod_proxy documentation, and I would expect that
> if this is a typical use of mod_proxy, there'd be SOMETHING like that noted there.
>
> Thoughts on either the refitting for Apache 2.2.6 of mod_remoteip, using mod_proxy for the
> same purpose, or some other method of achieving this with the module's I've got to work with?

Some modules I've moved back to 2.2, including remoteip, can be found here;
http://people.apache.org/~wrowe/httpd-2.2-ports/ --- apxs should work for you
with those sources.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6 [ In reply to ]
William A. Rowe Jr. wrote:
> On 10/19/2010 7:28 AM, J.Lance Wilkinson wrote:
>> Short of modifying the source code to backfit it to 2.2.6 (which I am at a loss how to
>> do), it's been suggested I look at mod_proxy, which is apparently part of the base for
>> 2.2.6 (I am explicitly NOT loading this module right now). But I don't see the header
>> "X-Forwarded-For" cited anywhere in the mod_proxy documentation, and I would expect that
>> if this is a typical use of mod_proxy, there'd be SOMETHING like that noted there.
>>
>> Thoughts on either the refitting for Apache 2.2.6 of mod_remoteip, using mod_proxy for the
>> same purpose, or some other method of achieving this with the module's I've got to work with?
>
> Some modules I've moved back to 2.2, including remoteip, can be found here;
> http://people.apache.org/~wrowe/httpd-2.2-ports/ --- apxs should work for you
> with those sources.

Wow, thanks. Have already got things running with the mod_rpaf module
that Igor cited, but will look into this one as well since it would fit
closer to the normal configurations once we upgrade from Apache 2.2.6
to a later release.

--
J.Lance Wilkinson ("Lance") InterNet: Lance.Wilkinson@psu.edu
Systems Design Specialist - Lead Phone: (814) 865-4870
Digital Library Technologies FAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6 [ In reply to ]
Hi Bill,

> Some modules I've moved back to 2.2, including remoteip, can be found
> here;

Not many people will think about looking under:

> http://people.apache.org/~wrowe/httpd-2.2-ports/ --- apxs should work
> for you
> with those sources.

when looking for such modules.. would it make sense to offer them in
some other space?

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6 [ In reply to ]
On 10/19/2010 11:20 AM, Igor Galić wrote:
> Hi Bill,
>
>> Some modules I've moved back to 2.2, including remoteip, can be found
>> here;
>
> Not many people will think about looking under:
>
>> http://people.apache.org/~wrowe/httpd-2.2-ports/
>
> when looking for such modules.. would it make sense to offer them in
> some other space?

2.4.0 GA release? Please, propose for backport on the httpd list anything
you feel the user community needs now, but these were mostly set up to
let a few users do some serious deployment testing ahead of our coming GA.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6 [ In reply to ]
----- "William A. Rowe Jr." <wrowe@rowe-clan.net> wrote:

> On 10/19/2010 11:20 AM, Igor Galić wrote:
> > Hi Bill,
> >
> >> Some modules I've moved back to 2.2, including remoteip, can be
> found
> >> here;
> >
> > Not many people will think about looking under:
> >
> >> http://people.apache.org/~wrowe/httpd-2.2-ports/
> >
> > when looking for such modules.. would it make sense to offer them
> in
> > some other space?
>
> 2.4.0 GA release? Please, propose for backport on the httpd list
> anything
> you feel the user community needs now, but these were mostly set up
> to
> let a few users do some serious deployment testing ahead of our coming
> GA.

+1 for 2.4.0 GA then (:
Or as soon as possible.. I'm already moving my testing instances to 2.3.x


--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Handling load balancer's X-FORWARDED-FOR header: mod_proxy vs mod_remoteip and Apache 2.2.6 [ In reply to ]
On 10/19/2010 11:53 AM, Igor Galić wrote:
>
> +1 for 2.4.0 GA then (:
> Or as soon as possible.. I'm already moving my testing instances to 2.3.x

Step 1 is broad acceptance of the 2.3.x beta. We'll likely ship a new one
two weeks from now, after many of the developers have a chance to sit down
together at ApacheCon and wrap our heads around the non-trivial changes.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org