Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Apache's ProxyPreserveHost is not preserving the host?

[realrena]

Hi all,

First of all, I would like to thank you for reading this thread.

OK here goes my problem.

I just installed lighttpd as a proxy for apache to serve static content.

What I have in apache under the Virtualhost is the following:

Code:

<VirtualHost 123.123.123.123>
    ServerAdmin xxx@xxx.com
    DocumentRoot /var/www/html/xxx/xxx
    ServerName xxx.xxx.com
    Options -Indexes +FollowSymLinks
    ErrorLog logs/xxxxx
    CustomLog logs/xxxxxx common

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://0.0.0.0:1234/
    ProxyPassReverse / http://0.0.0.0:1234/
</VirtualHost>

But somehow, when I read the logs inside /var/log/lighttpd, all I can see is that 127.0.0.1 as the host.

Can anyone tell me what is wrong??

[Bilco105]

Do you have a copy of an access request?

I take it the actual client requesting IP is being recorded correctly?

What version of Apache are you running, as there was a bug with similiar symptoms in Apache 2.0.52 I think.

[realrena]

Hi Bilco105,

1) Below is what i see in /var/log/lighttpd/access.log

Quote:

127.0.0.1 abcd.domain.com testuser [31/Dec/2007:06:38:00 -0600] "GET /test100.zip HTTP/1.1" 200 344091 "http://abcd.domain.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

127.0.0.1 is exactly what the log has recorded.

2) I'm running Apache 2.2.3 + Lighttpd 1.4.18

[wKkaY]

Lighttpd will set an X-Forwarded-For header that contains the client IP. To make Apache assume the client IP from that header, you need to use modules like mod_rpaf or mod_extract_forwarded. Personally I use the former.

[realrena]

Quote:

Originally Posted by wKkaY

Lighttpd will set an X-Forwarded-For header that contains the client IP. To make Apache assume the client IP from that header, you need to use modules like mod_rpaf or mod_extract_forwarded. Personally I use the former.

Hmm somehow it's not working.. Still getting 127.0.0.1 in my logs

[Bilco105]

I'm slightly confused by your setup. You say you're using lighty to proxy requests through to Apache. However, your config shows you also using Apache to proxy requests through to something on port 1234. Is this done for a reason?. I'm trying to understand why you have multiple levels of proxying.

[wKkaY]

You're right, Bilco105. I misread the first post (didn't see the part where he was reading off /var/log/lighttpd) and thought he was proxying Apache with lighttpd.

[Bilco105]

I still don't get why you would have Apache proxy through to lighttpd. I would have thought the reverse would be better, what with lighty being a lot more lightweight and robust for this type of setup.

[realrena]

I think I made a mistake in the Apache's ProxyPass directives.

I guess I should take out this line

Quote:

ProxyPassReverse / http://0.0.0.0:1234/

Apache's my main, and proxy some of the large static files to Lighttpd.
The reason for this (Apache as main, Lighttpd as proxy) is because I have some custom written modules for apache, and it'll take alot of time to rewrite them to lighttpd.

[Bilco105]

If you are using lighttpd as a proxy, then you don't need any of the proxy directives in your apache configuration.

Lighttpd forwards requests with the X-Forwarded-For header, which Apache doesn't process.

You'll need to install mod_rpaf and configure it with the IP's of your proxy server(s). This will extract the IP/Host from the forwarded-for address and change the remote address of the client.