linux
Roma, 2020-01-23 13:12:00

Apache 2.4 does not see external IP even though mod_remoteip is configured. Where to dig?

Colleagues, good afternoon.
Please advise what the problem might be. I have been fighting with this for two days.
Briefly: There are two identical servers, Apache sees the client's IP on one, and does not see it on the other.
In detail:
There is a test web server on openSUSE Leap 15. It is running apache 2.4.33, nginx 1.14.2 and related software.
The nginx config says:

proxy_set_header HTTPS YES;
proxy_set_header Host $host:443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Server-Address  $server_addr;

In apache config:
<IfModule remoteip_module>
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1 10.1.1.10
RemoteIPInternalProxy 127.0.0.1 10.1.1.10
</IfModule>

The remoteip module is enabled:
# apache2ctl -M | grep remote
 remoteip_module (shared)

In apache for VirtualHost (more precisely, for Directory in VirtualHost) it is written:
Order allow,deny
Allow from 10.1.1.11
Allow from 10.1.1.12
Deny from all

When I try to access this Directory from one of the specified IPs, I get Access forbidden (403 error). In the Apache logs there is a corresponding entry showing that the request came from 127.0.0.1 (in LogFormat, %h was replaced by %a).
There is also a "combat" (production) web server whose configuration matches the test one exactly; the only difference is in the IP addresses and hostname, all other settings are identical. On the "combat" server everything works: the real IP is written to the logs, and the IP restriction works.
What can be wrong? Where to dig?
UPD:
In PHP, the X_FORWARDED_* variables in "$_SERVER" contain the correct values; the IPs are external. I.e., if I use the browser to access this script from my computer
<?php
echo '<pre>';
print_r($_SERVER);
echo '</pre>';
exit;
?>

then all the values of the X_FORWARDED_* variables are displayed correctly. Only the SERVER_ADDR and REMOTE_ADDR variables contain 127.0.0.1.
But on the combat one, REMOTE_ADDR contains my IP, i.e. 10.1.1.1. And there is no X_FORWARDED_FOR on the combat one.


2 answer(s)
pPaulp, 2020-02-19
@pPaulp

Change the order of the directives in Apache: first RemoteIPInternalProxy, then RemoteIPTrustedProxy:

<IfModule remoteip_module>
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1 10.1.1.10
RemoteIPTrustedProxy 127.0.0.1 10.1.1.10
</IfModule>
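
A simplified model of the address resolution behind this answer, added here as an example (not code from the thread or from Apache). It applies the rule from the mod_remoteip documentation that a RemoteIPTrustedProxy cannot vouch for private addresses, and assumes that when an address is listed under both directives the first listed entry decides; the function names and the sample request are constructed.

```python
import ipaddress

# Blocks the mod_remoteip docs say are never accepted from a RemoteIPTrustedProxy.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                   "169.254.0.0/16", "127.0.0.0/8")]

def build_proxy_list(directives):
    """directives: ordered (directive_name, [addresses]) pairs, as in the config."""
    entries = []
    for name, addrs in directives:
        internal = (name == "RemoteIPInternalProxy")
        entries += [(ipaddress.ip_network(a), internal) for a in addrs]
    return entries

def match_proxy(addr, entries):
    """None if addr is not a listed proxy, else its 'internal' flag.
    ASSUMPTION of this model: the first matching entry decides."""
    for net, internal in entries:
        if addr in net:
            return internal
    return None

def resolve_client_ip(peer, xff, entries):
    """Walk X-Forwarded-For right to left while the current hop is a listed proxy."""
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    while hops:
        internal = match_proxy(current, entries)
        if internal is None:
            break                  # current hop is not a known proxy: stop here
        candidate = ipaddress.ip_address(hops[-1])
        if not internal and any(candidate in b for b in PRIVATE_BLOCKS):
            break                  # a trusted (external) proxy cannot vouch for a private IP
        current = candidate
        hops.pop()
    return str(current)

PROXIES = ["127.0.0.1", "10.1.1.10"]
QUESTION = build_proxy_list([("RemoteIPTrustedProxy", PROXIES),
                             ("RemoteIPInternalProxy", PROXIES)])
ANSWER = build_proxy_list([("RemoteIPInternalProxy", PROXIES),
                           ("RemoteIPTrustedProxy", PROXIES)])

if __name__ == "__main__":
    # Constructed request: client 10.1.1.11 reaches Apache through nginx on 127.0.0.1.
    for label, entries in (("question order", QUESTION), ("answer order", ANSWER)):
        print(label, "->", resolve_client_ip("127.0.0.1", "10.1.1.11", entries))
```

In this model the right-to-left walk also stops at the first hop that is not a listed proxy, so an X-Forwarded-For value prepended by the client itself is never promoted to the address that the Allow/Deny rules see.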

Vyacheslav Rakhinsky, 2020-01-23
@rakhinskiy

Shouldn't RemoteIPHeader X-Forwarded-For be X-Real-IP in this case?
RemoteIPHeader Directive / Declare the header field which should be parsed for useragent IP addresses
