Perlbal and CGI::remote_host returning 127.0.0.1

Jeremy James jbj at forbidden.co.uk
Wed Sep 26 12:09:44 UTC 2007


Brad Fitzpatrick wrote:
> On Tue, 25 Sep 2007, Igor Chudov wrote:
> 
>> I am a very happy user of perlbal -- it easily manages my 15 requests
>> per second and everything works VERY well. Thank you Brad.
>>
>> I was also able to stick X-Forwarded-For header into apache logs, so
>> that they show originating IP. So far so good.
>>
>> My question is, how do I make mod_perl and CGI module report actual
>> remote host as $cgi->remote_host, as opposed to getting 127.0.0.1.
>
> See:
>    http://stderr.net/apache/rpaf/
>

We use mod_rpaf under apache 1.3 and 2.0, but had problems when
perlbal's persist_backend was on - the apache module would only set the
remote IP address on the first request to apache, then assume that the
connection was from the same machine and not change it when a new
request comes in from perlbal.

The obvious solution is therefore to get the module to parse
X-Forwarded-For on every request, but this is thwarted by the fact that
the IP address mod_rpaf wants to check to see if this is a trusted proxy
is the same address it just changed to fool other apache processes into
thinking we're connected to a different host.

There are some solutions you could attempt to fix this - we just ignore
the IP checks (we use to use the IP address as part of the
authentication system, but now just use it for logging after we had too
many issues with multiple-outgoing proxy networks, so aren't concerned
about the security implications). However, you're probably better off
with mod_extract_forwarded which appears to have code to fix this
problem (but not in the Apache 1.3 version).

-jeremy


More information about the perlbal mailing list