Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I set REMOTE_ADDR in apache before php is invoked?

Tags:

php

apache

I have a website set up with nginx acting as a reverse proxy to apache 2.2, which is running php. From apache and php's perspective the IP address of all requests is the nginx server. I'd like php to see the same remote IP that nginx sees.

Nginx sets a header X-Real-IP which contains the remote IP that nginx sees. I tried doing something like this in the apache conf:

SetEnvIf ^X-Real-IP$ "(.+)" REMOTE_ADDR=$1

My hope was that I could set the REMOTE_ADDR environment variable and when php finally gets invoked, it would see the remote IP that nginx sees. I think the php code is doing this:

$_SERVER['REMOTE_ADDR']

Anyway, this isn't working. Can you not set REMOTE_ADDR in the apache config file?

like image 634
Russell Neufeld Avatar asked Feb 24 '10 17:02

Russell Neufeld


People also ask

Can $_ server Remote_addr be spoofed?

Yes, it's safe. It is the source IP of the TCP connection and can't be substituted by changing an HTTP header.

What is $_ server [' Remote_addr ']?

$_SERVER['REMOTE_ADDR'] Returns the IP address from where the user is viewing the current page. $_SERVER['REMOTE_HOST'] Returns the Host name from where the user is viewing the current page. $_SERVER['REMOTE_PORT']

How to get the server's IP address from a PHP url?

On Windows IIS 7 you must use $_SERVER ['LOCAL_ADDR'] rather than $_SERVER ['SERVER_ADDR'] to get the server's IP address. Guide to URL paths... Purpose: The URL path name of the current PHP file, including path-info (see $_SERVER ['PATH_INFO']) and excluding URL query string. Includes leading slash.

How do I use a remote url in PHP?

Using remote files As long as allow_url_fopen is enabled in php.ini, you can use HTTP and FTP URLs with most of the functions that take a filename as a parameter. In addition, URLs can be used with the include, include_once, require and require_once statements (allow_url_include must be enabled for these).

What is $_server in PHP?

(PHP 4 >= 4.1.0, PHP 5, PHP 7, PHP 8) $_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here.

Can $_server be trusted in PHP?

All elements of the $_SERVER array whose keys begin with 'HTTP_' come from HTTP request headers and are not to be trusted. 2. All HTTP headers sent to the script are made available through the $_SERVER array, with names prefixed by 'HTTP_'. 3. $_SERVER ['PHP_SELF'] is dangerous if misused.


6 Answers

Not sure whether REMOTE_ADDR can be changed that way...


Actually, you might need to install / enable another Apache module, like mod_rpaf (quoting) :

It changes the remote address of the client visible to other Apache modules when two conditions are satisfied.
First condition is that the remote client is actually a proxy that is defined in httpd.conf.
Secondly if there is an incoming X-Forwarded-For header and the proxy is in it's list of known proxies it takes the last IP from the incoming X-Forwarded-For header and changes the remote address of the client in the request structure.
It also takes the incoming X-Host header and updates the virtualhost settings accordingly.
For Apache2 mod_proxy it takes the X-Forwared-Host header and updates the virtualhosts

Here's a blog-post about that : Nginx proxy to Apache - access remote host IP address using mod_praf

Update: original link not working right now, but it is available also as a debian package: apt-get install libapache2-mod-rpaf

like image 134
Pascal MARTIN Avatar answered Oct 06 '22 04:10

Pascal MARTIN


I have solved this using mod_remoteip for Apache. mod_remoteip is for Apache 2.5 but thanks to this guy you can use it on Apache 2.2.x as well.

Download mod_remoteip.c from https://gist.github.com/1042237 and compile it with

apxs -i -a -c mod_remoteip.c

This should create mod_remoteip.so copy in the modules directory. apxs will also add LoadModule directive in your httpd.conf for newly created module.

Open httpd.conf and check does LoadModule directive for mod_remoteip exists

LoadModule remoteip_module    modules/mod_remoteip.so

Add RemoteIPHeader directive in httpd.conf

RemoteIPHeader X-Forwarded-For

This directive will instruct mod_remoteip to use X-Forwarded-For value from nginx as remote_addr. You can also use X-Real-IP instead:

RemoteIPHeader X-Real-IP

Restart the Apache. If you have set the proxy headers in nginx it will work like a charm and remote_addr in Apache will be correct

# nginx conf    
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
like image 37
mileusna Avatar answered Oct 06 '22 03:10

mileusna


Apache (requires mod_headers module):

SetEnvIf X-Real-IP "^(\d{1,3}+\.\d{1,3}+\.\d{1,3}+\.\d{1,3}+).*" XFF_CLIENT_IP=$1
RequestHeader set REMOTE_ADDR %{XFF_CLIENT_IP}e

REF for SetEnvIf RegEx: https://stackoverflow.com/a/10346093

Works also but doesn't verify input as IP:

SetEnvIf X-Real-IP "^(.*)" XFF_CLIENT_IP=$1
RequestHeader set REMOTE_ADDR %{XFF_CLIENT_IP}e

In PHP:

$_SERVER["HTTP_REMOTE_ADDR"]

-or-

$_SERVER["REMOTE_ADDR"]

No non-core Apache modules required

like image 38
Trevorw Avatar answered Oct 06 '22 02:10

Trevorw


You may try this simple PHP module

https://github.com/yohgaki/realip

It simply rewrites $_SERVER['REMOTE_ADDR'] with X-Forwarded-For or X-Real-IP whatever header you like. You can accomplish this with many different method, but I just would like to do it as PHP module. So I wrote it.

like image 20
Yasuo Ohgaki Avatar answered Oct 06 '22 04:10

Yasuo Ohgaki


I don't know whether REMOTE_ADDR can be manipulated - it could be that it can't - but you should be able to get hold of the X-Real-IP header within PHP through something like

$_SERVER["HTTP_X_Real_IP"]

or similar - check phpinfo() for the correct notation.

Also, Apache environment variables set in .htaccess should be visible in PHP.

like image 23
Pekka Avatar answered Oct 06 '22 03:10

Pekka


mod_rpaf (sudo apt-get install libapache2-mod-rpaf)

resolved all issues and REMOTE_ADDRR now looks Ok!..

like image 31
wacto Avatar answered Oct 06 '22 03:10

wacto