Hi, mod_remoteip fails to replace the IP set in either X-Real-IP header or X-Forwarded-For, saying "Header X-Real-Ip value of 172.18.0.1 appears to be a private IP or nonsensical. Ignored" Well, here we are using this feature in a big intranet, and we have reverse-proxies, all of them using private IPs. Those limitations seems weird as we trust the proxy just before our apache, whatever the IP is X-Forwarded-For, it should be trusted, period. When using a lot of reverse proxies with containers and orchestrators like k8s, at the very least, there should be a option in the module disabling this check; Maybe there should be something in the module documentation about this, because i just spent sometimes figuring it out. Regards, Denis S. Valdenaire
Do you use https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipinternalproxy for the peer that presents that header?
Thanks for your response; I use this directive : RemoteIPTrustedProxy 10.0.0.0/8 This is precisely what I complain about : it was not trusted at all, as log says: [Tue Oct 24 09:51:53.952335 2023] [remoteip:debug] [pid 26:tid 140171089540800] mod_remoteip.c(679): [client 10.0.2.8:49822] AH01569: RemoteIP: Header X-Forwarded-For value of 172.18.0.1 appears to be a private IP or nonsensical. Ignored, referer: https://.../ The proxy presenting the X-Forwarded-For is the [client 10.0.2.8:49822], if I understand correctly. Anyway, I tried to put a lot of networks just to be sure, like : RemoteIPTrustedProxy 10.0.0.0/8 RemoteIPTrustedProxy 10.0.2.8 RemoteIPTrustedProxy 172.16.0.0/16 RemoteIPTrustedProxy 192.168.0.0/16 RemoteIPInternalProxy 10.0.0.0/8 RemoteIPInternalProxy 172.16.0.0/16 RemoteIPInternalProxy 192.168.0.0/16 But still got the same error.