Forum OpenACS Q&A: ad_conn peeraddr not working

Request notifications

Collapse
Posted by Claudio Pasolini on
Looking at the log file I noticed that all the requests came from the same IP address, that of the server and not the real remote IP.

The behaviour is the same for instances that respond directly and for instances behind Nginx.

Inspecting the headers with the command ns_set array [ns_conn headers] I got:

Host 192.168.1.208 Connection keep-alive Content-Length 192 Cache-Control max-age=0 Origin http://192.168.1.208 Upgrade-Insecure-Requests 1 User-Agent {Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36} Content-Type application/x-www-form-urlencoded Accept {text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8} Referer http://192.168.1.208/ds/shell.tcl

where 192.168.1.208 is the server address. Trying the same command with an instance behind Nginx I got:

Host alter.cano.oasisoftware.com X-Real-IP 37.176.126.139 X-Forwarded-For 37.176.126.139 Connection close Content-Length 192 Origin http://alter.cano.oasisoftware.com Upgrade-Insecure-Requests 1 User-Agent {Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36} Content-Type application/x-www-form-urlencoded Accept {text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8} Referer http://alter.cano.oasisoftware.com/ds/shell

where 37.176.126.139 is my remote IP, but ad_conn peeraddr gives the server address 10.0.0.62 instead.
.
I'm running NaviServer 4.99.8, PG 9.3 and Oacs 5.8 on AWS EC2.

Collapse
Posted by Gustaf Neumann on
Dear Claudio,

this sounds like a configuration issue. [ad_conn peeraddr] is controlled via the parameter "ReverseProxyMode" in the "ns/parameters" section in the config file [1]. For details, see [2].

best regards
-gn

[1] https://bitbucket.org/naviserver/naviserver/src/748f415a9979077d917bbb957ff9e9ce0551ebff/openacs-config.tcl?at=default&fileviewer=file-view-default#openacs-config.tcl-147
[2] http://openacs.org/api-doc/proc-view?proc=ad_conn&source_p=1

Collapse
Posted by Claudio Pasolini on
Thank You very much, Gustaf.

I should have searched a bit more before posting.