Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Mod_Security: Wrong Client IP with Reverse Proxy Apache 2.4 |
|
| Author |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
 Posted: Tue 27 Mar '12 11:55 Post subject: Mod_Security: Wrong Client IP with Reverse Proxy Apache 2.4 |
 |
|
Using the new mod_remoteip to pass the real IP of the client to the back end with ProxyPass.
In the front Apache:
ProxyPreserveHost On
ProxyPass / http://127.0.0.1/
ProxyPassReverse / http://127.0.0.1/
In the back Apache:
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1
Now logs mod_security as client 127.0.0.1 instead of the real client IP as used, so mod-security is using the wrong IP. Not sure if in other area's or rules of mod_security it is taken the wrong IP.
[Sat Mar 24 11:30:52.640097 2012] [remoteip:info] [pid 628:tid 1472] [client 188.93.10.56:50800] Using 188.93.10.56 as client's IP by proxies 127.0.0.1
[Sat Mar 24 11:30:52.640097 2012] [:error] [pid 628:tid 1472] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\.\\\\./" at ARGS:abc. [file "D:/servers/apache/conf/httpd.conf"] [line "473"] [id "50904"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.land10web.com"] [uri "/"] [unique_id "T22iXMCoAQQAAAJ0x4cAAAB3"]
I reported the issue at mod_security jira.
Steffen |
|
| Back to top |
|
|
|
|
|
|
