Forum OpenACS Development: Re: ad_conn peeraddr

8: Re: ad_conn peeraddr (response to 1)
Posted by Jay Dubanik on
Hi Gustaf,

I'm interested in using your ReverseProxyMode.
We have just started using Squid and have the same problem with ad_conn peeraddr.
Could you please describe in more detail how to implement this patch?

Regards,
Jay

9: Re: ad_conn peeraddr (response to 8)
Posted by Gustaf Neumann on
Quite simple:
  1. Define in your config.tcl file (the startup file for the aolserver) something like
    ns_section "ns/parameters"
            ns_param   home            $homedir
            ns_param   debug           false
            ns_param   ReverseProxyMode   true
            ....
    
  2. Insert the snippet above into your packages/acs-tcl/tcl/request-processor-procs.tcl (just search for the place where the peer_addr is set).
  3. Make sure your proxy inserts the x-forwarded-for header field.
When you restart the server, "ad_conn peer_addr" is set to the last x-forwarded-for addr in the header, usually the client. Some proxies have the option to drop an incoming x-forwarded-for field, so spoofing this field can be avoided in general.

Hope this helps.
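
The selection rule described in the reply above (use the last x-forwarded-for entry when ReverseProxyMode is on), as an added example that is not the patch from this thread and not OpenACS code. The proc name `resolve_peer_addr`, the `trusted_proxies` list and the check that the TCP peer is one of your own proxies are assumptions of this example; all addresses are constructed samples.

```tcl
# Added example. resolve_peer_addr and trusted_proxies are hypothetical names.
#
#   peeraddr        - address of the TCP peer (what [ns_conn peeraddr] returns)
#   xff             - raw X-Forwarded-For header value, "" if absent
#   reverse_proxy_p - value of the ReverseProxyMode parameter
#   trusted_proxies - addresses of your own proxies (assumption of this example)
proc resolve_peer_addr {peeraddr xff reverse_proxy_p trusted_proxies} {
    # Proxy mode off, or the request did not arrive through one of our
    # proxies: the header is fully client-controlled, so ignore it.
    if {![string is true -strict $reverse_proxy_p]
        || [lsearch -exact $trusted_proxies $peeraddr] < 0} {
        return $peeraddr
    }
    # Entries are comma separated and each proxy appends the address it
    # saw, so the last entry is the one written by our own proxy.
    set last [string trim [lindex [split $xff ","] end]]
    # Header missing or last entry not an IP literal: keep the TCP peer.
    if {![regexp {^[0-9A-Fa-f:.]+$} $last]} {
        return $peeraddr
    }
    return $last
}

# Constructed sample requests.
set proxies {10.0.0.5}

# Through the proxy; the client forged a leading entry, the proxy appended
# the address it actually saw.
puts [resolve_peer_addr 10.0.0.5 "1.2.3.4, 203.0.113.7" true $proxies]

# Direct connection that bypasses the proxy and carries a forged header.
puts [resolve_peer_addr 198.51.100.9 "1.2.3.4" true $proxies]

# Through the proxy, but the proxy did not add the header.
puts [resolve_peer_addr 10.0.0.5 "" true $proxies]

# ReverseProxyMode not set in config.tcl.
puts [resolve_peer_addr 10.0.0.5 "203.0.113.7" "" $proxies]

# Inside the server the inputs would come from the connection, e.g.:
#   resolve_peer_addr [ns_conn peeraddr] \
#       [ns_set iget [ns_conn headers] x-forwarded-for] \
#       [ns_config ns/parameters ReverseProxyMode] $proxies
```

The block runs under plain tclsh; only the commented call at the end needs the server's `ns_*` commands.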