https://bz.apache.org/bugzilla/show_bug.cgi?id=67909
Bug ID: 67909
Summary: mod_remoteip fails when real IP is internal
Product: Apache httpd-2
Version: 2.4.57
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_remoteip
Assignee: bugs@httpd.apache.org
Reporter: dvaldenaire@gmail.com
Target Milestone: ---
Hi,
mod_remoteip fails to replace the IP set in either X-Real-IP header or
X-Forwarded-For, saying "Header X-Real-Ip value of 172.18.0.1 appears to be a
private IP or nonsensical. Ignored"
Well, here we are using this feature in a big intranet, and we have
reverse-proxies, all of them using private IPs. Those limitations seems weird
as we trust the proxy just before our apache, whatever the IP is
X-Forwarded-For, it should be trusted, period.
When using a lot of reverse proxies with containers and orchestrators like k8s,
at the very least, there should be a option in the module disabling this check;
Maybe there should be something in the module documentation about this, because
i just spent sometimes figuring it out.
Regards,
Denis S. Valdenaire
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
Bug ID: 67909
Summary: mod_remoteip fails when real IP is internal
Product: Apache httpd-2
Version: 2.4.57
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_remoteip
Assignee: bugs@httpd.apache.org
Reporter: dvaldenaire@gmail.com
Target Milestone: ---
Hi,
mod_remoteip fails to replace the IP set in either X-Real-IP header or
X-Forwarded-For, saying "Header X-Real-Ip value of 172.18.0.1 appears to be a
private IP or nonsensical. Ignored"
Well, here we are using this feature in a big intranet, and we have
reverse-proxies, all of them using private IPs. Those limitations seems weird
as we trust the proxy just before our apache, whatever the IP is
X-Forwarded-For, it should be trusted, period.
When using a lot of reverse proxies with containers and orchestrators like k8s,
at the very least, there should be a option in the module disabling this check;
Maybe there should be something in the module documentation about this, because
i just spent sometimes figuring it out.
Regards,
Denis S. Valdenaire
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org