63349 – RemoteIPProxyProtocol does not work with SNIProxy and IPv4

Bug 63349 - RemoteIPProxyProtocol does not work with SNIProxy and IPv4

Summary: RemoteIPProxyProtocol does not work with SNIProxy and IPv4

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_remoteip (show other bugs)
Version:	2.4.38
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-04-15 19:23 UTC by Alexander Schlarb
Modified:	2019-04-15 19:23 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Schlarb 2019-04-15 19:23:35 UTC

At least that's what I think is happening, since I get this error message in the logs:

[Mon Apr 15 20:51:45.321321 2019] [remoteip:error] [pid 2476:tid 139944387405568] [client fd00:dead:beef:2::1:53228] AH03500: RemoteIPProxyProtocol: invalid client-address '::ffff:1.1.1.1' found in header 'PROXY TCP6 ::ffff:1.1.1.1 ::ffff:172.21.0.3 49122 80'

(Public IP addresses changed in the log output.) On the other hand Let's encrypt certificate authorization worked without problems and also an IPv6 test from localhost worked while it always gives errors with IPv4 (unfortunately I do not have any native IPv6 connectivity available for further testing). It probably doesn't like the ::ffff:X.X.X.X format for representing mapped IPv4 addresses within IPv6. I'm honestly not sure why it doesn't just represent this as an IPv4 address with TCP4, but it is a valid IPv6 so it should still be parsable.

Any ideas?