Bug 61896 - CONN_REMOTE_ADDR not exposed to php scripts
Summary: CONN_REMOTE_ADDR not exposed to php scripts
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_remoteip
Version: 2.4.29
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2017-12-13 12:19 UTC by Reindl Harald
Modified: 2017-12-13 12:19 UTC
Description Reindl Harald 2017-12-13 12:19:40 UTC
mod_rewrite has supported REMOTE_ADDR *and* CONN_REMOTE_ADDR for years now, see sample below; mod_remoteip doesn't give you any information within a PHP script about the physical connecting IP

this can be crucial when your reverse-proxy adds headers which you can use in your application to make decisions because you should verify the source-ip to make sure that header is trustable

the setup below has one big goal: decide via DNS if a website goes directly to httpd or for high traffic pages over the reverse-proxy which in this case would do TLS-offloading, and similar decisions can happen within the application - or better said it should be possible to do so

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{CONN_REMOTE_ADDR} !^192\.168\.196\.2
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
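
The check the report describes, verifying the physical source IP before trusting a proxy-added header, written out in PHP as an added example (not part of the original report or of httpd). The `$peerAddr` parameter, the function names and the `X-Forwarded-Proto` header are assumptions; the proxy address is the one from the sample above.

```php
<?php
// Added example, not code from the bug report.
// Assumptions: the physical peer address reaches the script somehow (the
// report's point is that mod_remoteip provides no such variable), and the
// proxy marks offloaded TLS with X-Forwarded-Proto (header name assumed).

const TRUSTED_PROXIES = ['192.168.196.2']; // proxy address from the report's sample

function peer_is_trusted_proxy(?string $peerAddr): bool
{
    if ($peerAddr === null || filter_var($peerAddr, FILTER_VALIDATE_IP) === false) {
        return false; // unknown or malformed peer: fail closed
    }
    $peer = inet_pton($peerAddr);
    foreach (TRUSTED_PROXIES as $proxy) {
        // Compare packed addresses: exact match, so 192.168.196.20 is not trusted.
        if (inet_pton($proxy) === $peer) {
            return true;
        }
    }
    return false;
}

function request_is_https(?string $peerAddr, array $server): bool
{
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true; // TLS terminated by httpd itself
    }
    if (!peer_is_trusted_proxy($peerAddr)) {
        return false; // header came from an untrusted peer: ignore it
    }
    return strtolower((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')) === 'https';
}

// Constructed sample requests: [physical peer, $_SERVER-style array]
$samples = [
    'via proxy, TLS offloaded'  => ['192.168.196.2',  ['HTTP_X_FORWARDED_PROTO' => 'https']],
    'direct client, forged hdr' => ['203.0.113.7',    ['HTTP_X_FORWARDED_PROTO' => 'https']],
    'prefix look-alike peer'    => ['192.168.196.20', ['HTTP_X_FORWARDED_PROTO' => 'https']],
    'direct client over TLS'    => ['203.0.113.7',    ['HTTPS' => 'on']],
    'peer address unavailable'  => [null,             ['HTTP_X_FORWARDED_PROTO' => 'https']],
];
foreach ($samples as $label => [$peer, $server]) {
    printf("%-26s => %s\n", $label, request_is_https($peer, $server) ? 'https' : 'not https');
}
```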