Mailing List Archive

Issue 1369 in cherokee: IPv6 addresses are copied incorrectly from X-Real-IP to REMOTE_ADDR
Status: New
Owner: ----

New issue 1369 by thecybershadow: IPv6 addresses are copied incorrectly
from X-Real-IP to REMOTE_ADDR
http://code.google.com/p/cherokee/issues/detail?id=1369

What steps will reproduce the problem?
1. Set up Cherokee behind an IPv6-enabled reverse proxy configured to send
the X-Real-IP header
2. Set up PHP in Cherokee using the PHP wizard, and enable the "Read X-Real-IP"
setting
3. Visit a phpinfo() page via IPv6 through the reverse proxy

What is the expected output?
$_SERVER["REMOTE_ADDR"] should be the full IPv6 address of the connecting
client, as sent in the X-Real-IP header.

What do you see instead?
$_SERVER["REMOTE_ADDR"] only contains the part of the address until the
first : character (e.g. 2001 instead of 2001:xxx:xxxx:xxx::1).

What version of the product are you using? On what operating system?
Cherokee/1.2.2 (Debian GNU/Linux)
Ubuntu Server 12.04 x86_64

Please provide any additional information below.
The full IP address is still present in $_SERVER["HTTP_X_REAL_IP"] and
$_SERVER["HTTP_X_FORWARDED_FOR"].

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Re: Issue 1369 in cherokee: IPv6 addresses are copied incorrectly from X-Real-IP to REMOTE_ADDR
Comment #1 on issue 1369 by mehmetal...@gmail.com: IPv6 addresses are
copied incorrectly from X-Real-IP to REMOTE_ADDR
http://code.google.com/p/cherokee/issues/detail?id=1369

It looks like the IPv6 colons are being parsed as a port number. Are reverse
proxies sending the user's connection port?

I didn't find any directions about X-Real-IP.

Re: Issue 1369 in cherokee: IPv6 addresses are copied incorrectly from X-Real-IP to REMOTE_ADDR
Comment #2 on issue 1369 by thecybershadow: IPv6 addresses are copied
incorrectly from X-Real-IP to REMOTE_ADDR
http://code.google.com/p/cherokee/issues/detail?id=1369

I had to configure sending X-Real-IP manually for Apache and nginx. There
is an example in the nginx documentation here, which I followed:

http://wiki.nginx.org/HttpProxyModule

It does not include a port number.

Re: Issue 1369 in cherokee: IPv6 addresses are copied incorrectly from X-Real-IP to REMOTE_ADDR
Comment #3 on issue 1369 by mehmetal...@gmail.com: IPv6 addresses are
copied incorrectly from X-Real-IP to REMOTE_ADDR
http://code.google.com/p/cherokee/issues/detail?id=1369

I took a look at the Squid, nginx and Apache mod_proxy directions and it looks
like reverse proxies never send the user's connection port with the X-Real-IP
header (or I missed it).

So is this[1] necessary?

[1]
https://github.com/cherokee/webserver/blob/master/cherokee/handler_cgi_base.c#L341

Re: Issue 1369 in cherokee: IPv6 addresses are copied incorrectly from X-Real-IP to REMOTE_ADDR
Comment #4 on issue 1369 by thecybershadow: IPv6 addresses are copied
incorrectly from X-Real-IP to REMOTE_ADDR
http://code.google.com/p/cherokee/issues/detail?id=1369

That code has existed since the moment X-Real-IP was added:

https://github.com/cherokee/webserver/commit/860827a6a2290710e991157eb73331a1c1d9644a

Note that removing that code right now would break the tests:

https://github.com/cherokee/webserver/commit/860827a6a2290710e991157eb73331a1c1d9644a#L8R32

Although there's no evidence that X-Real-IP is expected to contain a port
number, one way to handle this without potentially breaking
backwards-compatibility would be to check the number of : characters in the
header. If there's more than one, treat it as an IPv6 address without a
port number.
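
Added example, not part of the thread and not Cherokee's code: the colon-counting approach suggested in comment #4, sketched in C. The function name is hypothetical, and the inet_pton() validation of the result is an extra assumption beyond what the comment proposes.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Cherokee's code): copy the address part of an
 * X-Real-IP value into out. Returns 0 on success, -1 if the value is not a
 * valid IPv4/IPv6 literal or does not fit in out. */
int real_ip_to_remote_addr(const char *hdr, char *out, size_t outlen)
{
    size_t len = strlen(hdr), colons = 0;
    unsigned char buf[sizeof(struct in6_addr)];

    for (const char *p = hdr; *p; p++)
        if (*p == ':') colons++;

    /* Exactly one colon: legacy "ipv4:port" form, keep only the host part.
     * More than one colon: IPv6 without a port, keep the whole value. */
    if (colons == 1)
        len = (size_t)(strchr(hdr, ':') - hdr);

    if (len == 0 || len >= outlen)
        return -1;
    memcpy(out, hdr, len);
    out[len] = '\0';

    /* Added check (assumption, not from the thread): reject anything that is
     * not an address literal, so a malformed header never reaches REMOTE_ADDR. */
    if (inet_pton(colons > 1 ? AF_INET6 : AF_INET, out, buf) != 1)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample header values (documentation address ranges). */
    const char *samples[] = { "2001:db8::1", "192.0.2.7", "192.0.2.7:8080",
                              "2001", "::1:zz" };
    char addr[INET6_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int rc = real_ip_to_remote_addr(samples[i], addr, sizeof addr);
        printf("%-16s -> %s\n", samples[i], rc == 0 ? addr : "(rejected)");
    }
    return 0;
}
```

With this logic the truncated value from the report ("2001") is rejected rather than passed on as REMOTE_ADDR, while the legacy host:port form still yields the IPv4 address.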

Re: Issue 1369 in cherokee: IPv6 addresses are copied incorrectly from X-Real-IP to REMOTE_ADDR
Updates:
Status: Accepted
Owner: ste...@konink.de
Labels: Type-Defect Priority-Medium OpSys-All Component-Logic Usability

Comment #5 on issue 1369 by ste...@konink.de: IPv6 addresses are copied
incorrectly from X-Real-IP to REMOTE_ADDR
http://code.google.com/p/cherokee/issues/detail?id=1369

(No comment was entered for this change.)
