diff options
Diffstat (limited to 'docs/manual/mod/mod_remoteip.html.en')
| -rw-r--r-- | docs/manual/mod/mod_remoteip.html.en | 88 |
1 files changed, 36 insertions, 52 deletions
diff --git a/docs/manual/mod/mod_remoteip.html.en b/docs/manual/mod/mod_remoteip.html.en index 85185ae5..d15d36d5 100644 --- a/docs/manual/mod/mod_remoteip.html.en +++ b/docs/manual/mod/mod_remoteip.html.en @@ -9,7 +9,7 @@ <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> -<script src="../style/scripts/prettify.js" type="text/javascript"> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> </script> <link href="../images/favicon.ico" rel="shortcut icon" /></head> @@ -43,11 +43,11 @@ via the request headers. <p>The module overrides the client IP address for the connection with the useragent IP address reported in the request header configured - with the <code class="directive">RemoteIPHeader</code> directive.</p> + with the <code class="directive"><a href="#remoteipheader">RemoteIPHeader</a></code> directive.</p> <p>Once replaced as instructed, this overridden useragent IP address is then used for the <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> - <code class="directive"><a href="../mod/mod_authz_host.html#require ip"><Require ip></a></code> + <code class="directive"><a href="../mod/mod_authz_core.html#require">Require ip</a></code> feature, is reported by <code class="module"><a href="../mod/mod_status.html">mod_status</a></code>, and is recorded by <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code> <code>%a</code> and <code class="module"><a href="../mod/core.html">core</a></code> <code>%a</code> format strings. The underlying client IP of the connection @@ -105,7 +105,7 @@ via the request headers. can record using the <code>%{remoteip-proxy-ip-list}n</code> format token. If the administrator needs to store this as an additional header, this same value can also be recording as a header using the directive - <code class="directive">RemoteIPProxiesHeader</code>.</p> + <code class="directive"><a href="#remoteipproxiesheader">RemoteIPProxiesHeader</a></code>.</p> <div class="note"><h3>IPv4-over-IPv6 Mapped Addresses</h3> As with httpd in general, any IPv4-over-IPv6 mapped addresses are recorded @@ -114,7 +114,7 @@ via the request headers. <div class="note"><h3>Internal (Private) Addresses</h3> All internal addresses 10/8, 172.16/12, 192.168/16, 169.254/16 and 127/8 blocks (and IPv6 addresses outside of the public 2000::/3 block) are only - evaluated by mod_remoteip when <code class="directive">RemoteIPInternalProxy</code> + evaluated by mod_remoteip when <code class="directive"><a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></code> internal (intranet) proxies are registered.</div> </div> @@ -127,23 +127,19 @@ via the request headers. <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr> </table> - <p>The <code class="directive">RemoteIPHeader</code> directive triggers + <p>The <code class="directive"><a href="#remoteipheader">RemoteIPHeader</a></code> directive triggers <code class="module"><a href="../mod/mod_remoteip.html">mod_remoteip</a></code> to treat the value of the specified <var>header-field</var> header as the useragent IP address, or list of intermediate useragent IP addresses, subject to further configuration - of the <code class="directive">RemoteIPInternalProxy</code> and - <code class="directive">RemoteIPTrustedProxy</code> directives. Unless these + of the <code class="directive"><a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></code> and + <code class="directive"><a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></code> directives. Unless these other directives are used, <code class="module"><a href="../mod/mod_remoteip.html">mod_remoteip</a></code> will trust all - hosts presenting a <code class="directive">RemoteIPHeader</code> IP value.</p> + hosts presenting a <code class="directive"><a href="#remoteipheader">RemoteIPHeader</a></code> IP value.</p> - <div class="example"><h3>Internal (Load Balancer) Example</h3><pre class="prettyprint lang-config"> - RemoteIPHeader X-Client-IP - </pre> + <div class="example"><h3>Internal (Load Balancer) Example</h3><pre class="prettyprint lang-config">RemoteIPHeader X-Client-IP</pre> </div> - <div class="example"><h3>Proxy Example</h3><pre class="prettyprint lang-config"> - RemoteIPHeader X-Forwarded-For - </pre> + <div class="example"><h3>Proxy Example</h3><pre class="prettyprint lang-config">RemoteIPHeader X-Forwarded-For</pre> </div> </div> @@ -156,18 +152,16 @@ via the request headers. <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr> </table> - <p>The <code class="directive">RemoteIPInternalProxy</code> directive adds one + <p>The <code class="directive"><a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></code> directive adds one or more addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the useragent IP. Unlike the - <code class="directive">RemoteIPTrustedProxy</code> directive, any IP address + <code class="directive"><a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></code> directive, any IP address presented in this header, including private intranet addresses, are trusted when passed from these proxies.</p> - <div class="example"><h3>Internal (Load Balancer) Example</h3><pre class="prettyprint lang-config"> -RemoteIPHeader X-Client-IP + <div class="example"><h3>Internal (Load Balancer) Example</h3><pre class="prettyprint lang-config">RemoteIPHeader X-Client-IP RemoteIPInternalProxy 10.0.2.0/24 -RemoteIPInternalProxy gateway.localdomain - </pre> +RemoteIPInternalProxy gateway.localdomain</pre> </div> </div> @@ -180,25 +174,21 @@ RemoteIPInternalProxy gateway.localdomain <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr> </table> - <p>The <code class="directive">RemoteIPInternalProxyList</code> directive specifies + <p>The <code class="directive"><a href="#remoteipinternalproxylist">RemoteIPInternalProxyList</a></code> directive specifies a file parsed at startup, and builds a list of addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the useragent IP.</p> <p>The '<code>#</code>' hash character designates a comment line, otherwise each whitespace or newline separated entry is processed identically to - the <code class="directive">RemoteIPInternalProxy</code> directive.</p> + the <code class="directive"><a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></code> directive.</p> - <div class="example"><h3>Internal (Load Balancer) Example</h3><pre class="prettyprint lang-config"> -RemoteIPHeader X-Client-IP -RemoteIPInternalProxyList conf/trusted-proxies.lst - </pre> + <div class="example"><h3>Internal (Load Balancer) Example</h3><pre class="prettyprint lang-config">RemoteIPHeader X-Client-IP +RemoteIPInternalProxyList conf/trusted-proxies.lst</pre> </div> - <div class="example"><h3>conf/trusted-proxies.lst contents</h3><div class="example"><pre> -# Our internally trusted proxies; + <div class="example"><h3>conf/trusted-proxies.lst contents</h3><pre># Our internally trusted proxies; 10.0.2.0/24 #Everyone in the testing group -gateway.localdomain #The front end balancer - </pre></div></div> +gateway.localdomain #The front end balancer</pre></div> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> @@ -210,18 +200,16 @@ gateway.localdomain #The front end balancer <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr> </table> - <p>The <code class="directive">RemoteIPProxiesHeader</code> directive specifies + <p>The <code class="directive"><a href="#remoteipproxiesheader">RemoteIPProxiesHeader</a></code> directive specifies a header into which <code class="module"><a href="../mod/mod_remoteip.html">mod_remoteip</a></code> will collect a list of all of the intermediate client IP addresses trusted to resolve the useragent IP of the request. Note that intermediate - <code class="directive">RemoteIPTrustedProxy</code> addresses are recorded in + <code class="directive"><a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></code> addresses are recorded in this header, while any intermediate - <code class="directive">RemoteIPInternalProxy</code> addresses are discarded.</p> + <code class="directive"><a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></code> addresses are discarded.</p> - <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"> -RemoteIPHeader X-Forwarded-For -RemoteIPProxiesHeader X-Forwarded-By - </pre> + <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">RemoteIPHeader X-Forwarded-For +RemoteIPProxiesHeader X-Forwarded-By</pre> </div> </div> @@ -234,20 +222,18 @@ RemoteIPProxiesHeader X-Forwarded-By <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr> </table> - <p>The <code class="directive">RemoteIPTrustedProxy</code> directive adds one + <p>The <code class="directive"><a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></code> directive adds one or more addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the useragent IP. Unlike the - <code class="directive">RemoteIPInternalProxy</code> directive, any intranet + <code class="directive"><a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></code> directive, any intranet or private IP address reported by such proxies, including the 10/8, 172.16/12, 192.168/16, 169.254/16 and 127/8 blocks (or outside of the IPv6 public 2000::/3 block) are not trusted as the useragent IP, and are left in the - <code class="directive">RemoteIPHeader</code> header's value.</p> + <code class="directive"><a href="#remoteipheader">RemoteIPHeader</a></code> header's value.</p> - <div class="example"><h3>Trusted (Load Balancer) Example</h3><pre class="prettyprint lang-config"> -RemoteIPHeader X-Forwarded-For + <div class="example"><h3>Trusted (Load Balancer) Example</h3><pre class="prettyprint lang-config">RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 10.0.2.16/28 -RemoteIPTrustedProxy proxy.example.com - </pre> +RemoteIPTrustedProxy proxy.example.com</pre> </div> </div> @@ -260,18 +246,16 @@ RemoteIPTrustedProxy proxy.example.com <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr> </table> - <p>The <code class="directive">RemoteIPTrustedProxyList</code> directive specifies + <p>The <code class="directive"><a href="#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></code> directive specifies a file parsed at startup, and builds a list of addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the useragent IP.</p> <p>The '<code>#</code>' hash character designates a comment line, otherwise each whitespace or newline separated entry is processed identically to - the <code class="directive">RemoteIPTrustedProxy</code> directive.</p> + the <code class="directive"><a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></code> directive.</p> - <div class="example"><h3>Trusted (Load Balancer) Example</h3><pre class="prettyprint lang-config"> -RemoteIPHeader X-Forwarded-For -RemoteIPTrustedProxyList conf/trusted-proxies.lst - </pre> + <div class="example"><h3>Trusted (Load Balancer) Example</h3><pre class="prettyprint lang-config">RemoteIPHeader X-Forwarded-For +RemoteIPTrustedProxyList conf/trusted-proxies.lst</pre> </div> <div class="example"><h3>conf/trusted-proxies.lst contents</h3><p><code> @@ -303,7 +287,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_remoteip.htm } })(window, document); //--><!]]></script></div><div id="footer"> -<p class="apache">Copyright 2013 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- if (typeof(prettyPrint) !== 'undefined') { prettyPrint(); |