Add support for X-Forwarded-For

[donum]

Hi,

in your description it says:

This module uses the client IP address for the lookup. This is not always what you want. If you need to use an IP address specified in a header (e.g., by your proxy frontend), mod_remoteip may be used to set the client IP address.

However, the still wildly used Apache 2.2 doesn't include mod_remoteip.

I also see in your code:

static char *get_client_ip(request_rec *r)
{
# if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER == 4
    return r->useragent_ip;
# else
    return r->connection->remote_ip;
#endif
}

You tried to support both but the condition are commented out.

Could you please add support for 2.2 in this regard? Especially it would be cool if there were a config setting so that the module uses the client ip coming from the X-Forwarded-For header.

What do you think? We tried using a downgrade version of mod_remoteip which initially worked, but gives us SIGTERMs.

We would like to use a commercial license from you, but this technical issue is blocking us right now.

Thanks,
Daniel

[oschwald]

That code isn't commented out. It is a preprocessor directive. For 2.2, you can use a backported version of mod_remoteip such as mod_remoteip-httpd22, which is what we use in our unit tests, or something like mod_rpaf may work as well.

[donum]

Oh sorry, I am not familiar with c. Thanks, I will check the links and respond later. mod_rpaf sounds really promising.

[tewner]

This feature was added in mod_geoip2 , including a feature we requested, "GeoIPUseFirstNonPrivateXForwardedForIP". We would like to stop using the "Legacy" MaxMind DB's, but would also prefer not to have this "regression".

https://github.com/maxmind/geoip-api-mod_geoip2/blob/master/mod_geoip.c#L388

[oschwald]

Is there a reason why you can't use mod_remoteip? Parsing various headers seems out of scope for this module.

[oschwald]

Closing as mod_remoteip can be used to handle this use case.