Bug 63349

Summary: RemoteIPProxyProtocol does not work with SNIProxy and IPv4
Product: Apache httpd-2 Reporter: Alexander Schlarb <alexander-asf>
Component: mod_remoteipAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: normal    
Priority: P2    
Version: 2.4.38   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Alexander Schlarb 2019-04-15 19:23:35 UTC
At least that's what I think is happening, since I get this error message in the logs:

[Mon Apr 15 20:51:45.321321 2019] [remoteip:error] [pid 2476:tid 139944387405568] [client fd00:dead:beef:2::1:53228] AH03500: RemoteIPProxyProtocol: invalid client-address '::ffff:1.1.1.1' found in header 'PROXY TCP6 ::ffff:1.1.1.1 ::ffff:172.21.0.3 49122 80'

(Public IP addresses changed in the log output.) On the other hand Let's encrypt certificate authorization worked without problems and also an IPv6 test from localhost worked while it always gives errors with IPv4 (unfortunately I do not have any native IPv6 connectivity available for further testing). It probably doesn't like the ::ffff:X.X.X.X format for representing mapped IPv4 addresses within IPv6. I'm honestly not sure why it doesn't just represent this as an IPv4 address with TCP4, but it is a valid IPv6 so it should still be parsable.

Any ideas?