From fe4f20e9eddc37c14bdd5b4dce7375563e3f62a0 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Sat, 15 Feb 2014 18:03:49 +0000 Subject: [PATCH] xform git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1568653 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_remoteip.html.en | 38 ++++++++++++++-------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/manual/mod/mod_remoteip.html.en b/docs/manual/mod/mod_remoteip.html.en index e917921824..321cee7966 100644 --- a/docs/manual/mod/mod_remoteip.html.en +++ b/docs/manual/mod/mod_remoteip.html.en @@ -43,7 +43,7 @@ via the request headers.

The module overrides the client IP address for the connection with the useragent IP address reported in the request header configured - with the RemoteIPHeader directive.

+ with the RemoteIPHeader directive.

Once replaced as instructed, this overridden useragent IP address is then used for the mod_authz_host @@ -105,7 +105,7 @@ via the request headers. can record using the %{remoteip-proxy-ip-list}n format token. If the administrator needs to store this as an additional header, this same value can also be recording as a header using the directive - RemoteIPProxiesHeader.

+ RemoteIPProxiesHeader.

IPv4-over-IPv6 Mapped Addresses

As with httpd in general, any IPv4-over-IPv6 mapped addresses are recorded @@ -114,7 +114,7 @@ via the request headers.

Internal (Private) Addresses

All internal addresses 10/8, 172.16/12, 192.168/16, 169.254/16 and 127/8 blocks (and IPv6 addresses outside of the public 2000::/3 block) are only - evaluated by mod_remoteip when RemoteIPInternalProxy + evaluated by mod_remoteip when RemoteIPInternalProxy internal (intranet) proxies are registered.
@@ -127,14 +127,14 @@ via the request headers. Status:Base Module:mod_remoteip -

The RemoteIPHeader directive triggers +

The RemoteIPHeader directive triggers mod_remoteip to treat the value of the specified header-field header as the useragent IP address, or list of intermediate useragent IP addresses, subject to further configuration - of the RemoteIPInternalProxy and - RemoteIPTrustedProxy directives. Unless these + of the RemoteIPInternalProxy and + RemoteIPTrustedProxy directives. Unless these other directives are used, mod_remoteip will trust all - hosts presenting a RemoteIPHeader IP value.

+ hosts presenting a RemoteIPHeader IP value.

Internal (Load Balancer) Example

RemoteIPHeader X-Client-IP
@@ -152,10 +152,10 @@ via the request headers. Status:Base Module:mod_remoteip -

The RemoteIPInternalProxy directive adds one +

The RemoteIPInternalProxy directive adds one or more addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the useragent IP. Unlike the - RemoteIPTrustedProxy directive, any IP address + RemoteIPTrustedProxy directive, any IP address presented in this header, including private intranet addresses, are trusted when passed from these proxies.

@@ -174,13 +174,13 @@ RemoteIPInternalProxy gateway.localdomain Status:Base Module:mod_remoteip -

The RemoteIPInternalProxyList directive specifies +

The RemoteIPInternalProxyList directive specifies a file parsed at startup, and builds a list of addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the useragent IP.

The '#' hash character designates a comment line, otherwise each whitespace or newline separated entry is processed identically to - the RemoteIPInternalProxy directive.

+ the RemoteIPInternalProxy directive.

Internal (Load Balancer) Example

RemoteIPHeader X-Client-IP
 RemoteIPInternalProxyList conf/trusted-proxies.lst
@@ -200,13 +200,13 @@ gateway.localdomain #The front end balancer
Status:Base Module:mod_remoteip -

The RemoteIPProxiesHeader directive specifies +

The RemoteIPProxiesHeader directive specifies a header into which mod_remoteip will collect a list of all of the intermediate client IP addresses trusted to resolve the useragent IP of the request. Note that intermediate - RemoteIPTrustedProxy addresses are recorded in + RemoteIPTrustedProxy addresses are recorded in this header, while any intermediate - RemoteIPInternalProxy addresses are discarded.

+ RemoteIPInternalProxy addresses are discarded.

Example

RemoteIPHeader X-Forwarded-For
 RemoteIPProxiesHeader X-Forwarded-By
@@ -222,14 +222,14 @@ RemoteIPProxiesHeader X-Forwarded-By Status:Base Module:mod_remoteip -

The RemoteIPTrustedProxy directive adds one +

The RemoteIPTrustedProxy directive adds one or more addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the useragent IP. Unlike the - RemoteIPInternalProxy directive, any intranet + RemoteIPInternalProxy directive, any intranet or private IP address reported by such proxies, including the 10/8, 172.16/12, 192.168/16, 169.254/16 and 127/8 blocks (or outside of the IPv6 public 2000::/3 block) are not trusted as the useragent IP, and are left in the - RemoteIPHeader header's value.

+ RemoteIPHeader header's value.

Trusted (Load Balancer) Example

RemoteIPHeader X-Forwarded-For
 RemoteIPTrustedProxy 10.0.2.16/28
@@ -246,13 +246,13 @@ RemoteIPTrustedProxy proxy.example.com
Status:Base Module:mod_remoteip -

The RemoteIPTrustedProxyList directive specifies +

The RemoteIPTrustedProxyList directive specifies a file parsed at startup, and builds a list of addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the useragent IP.

The '#' hash character designates a comment line, otherwise each whitespace or newline separated entry is processed identically to - the RemoteIPTrustedProxy directive.

+ the RemoteIPTrustedProxy directive.

Trusted (Load Balancer) Example

RemoteIPHeader X-Forwarded-For
 RemoteIPTrustedProxyList conf/trusted-proxies.lst
-- 2.50.1