Forum

Reverse proxy send true IP

chrisf
2 September 2014, 06:35


Hiawatha version: 9.7
Operating System: Centos 6.5

http://www.stderr.net/apache/rpaf/

I am hoping this is possible as it is very important.

Can we make/configure the ReverseProxy to send the IP of the actual user and not of the hiawatha webserver itself?
Hugo Leisink
2 September 2014, 06:57
Take a look at the HideProxy setting in the manual page.
chrisf
2 September 2014, 07:37
Nope, didn't do what I want. Let me explain.

I have a vps with our master virtualizer installed, it doesn't have anything but that, but it controls our vps creation, etc. Clients also manage from this same script.

Say it is located at xxx.xxx.xxx.xxx:8887 and I setup a reverse proxy virtual host for vps.domain.com to proxy that ip:port.

This all works great. However, the IP is always the IP of the hiawatha server - and if a hack attempt or anything goes wrong, the script blocks the IP - which is our main server IP. This blocks the reverse proxy.

Also, all logins are logged as our main IP instead of the client IP.

Can we force hiawatha to only forward, or send, the client IP through the reverse proxy? If not available currently, can this be done?
chrisf
2 September 2014, 07:40
Also, the webserver that serves the reverse proxy is not hiawatha
Hugo Leisink
2 September 2014, 08:01
It is done via the X-Forwarded-For (HTTP_X_FORWARED_FOR) or the new Forwarded (HTTP_FORWARDED) HTTP header. The final webserver must support this.
chrisf
2 September 2014, 08:25
Well, as always, thank you. The webserver is lighttpd, quick google turned up mod_extforward - all is now working great.

Thank you Hugo!
Hugo Leisink
2 September 2014, 08:26
You're welcome!
This topic has been closed.