Getting client ip address - Apache API

Post by Joe Brea » Wed, 15 Mar 2000 04:00:00



Is there an API in Apache that can be used to get the ip address from a
client machine? If so, please point me to the documentation.

Thanks,

Joe

 
 
 

Post by Peter » Thu, 16 Mar 2000 04:00:00



> Is there an API in Apache that can be used to get the ip address from a
> client machine? If so, please point me to the documentation.

Look in src/modules/standard/mod_log_config.c:

/* Note 'r' is a pointer to the request_rec structure */
static const char *log_remote_address(request_rec *r, char *a)
{
    /* I think the following is what you want */
    return r->connection->remote_ip;

}

-Peter

--
http://www.bastille-linux.org/ : working towards more secure Linux systems

 
 
 

Post by David Efflan » Fri, 17 Mar 2000 04:00:00



>Is there an API in Apache that can be used to get the ip address from a
>client machine? If so, please point me to the documentation.

You can tell where the request comes from (REMOTE_ADDR in env), but that
is not necessarily the client machine.  It could be a cache, firewall,
proxy or masquerade box.  I was upset at one point when I was using my
static IP to limit access to one CGI and a router on the internet was
caching everything including CGI (which nothing should cache).  So the IP
that showed up in the script was the IP of the caching router instead of
my IP.  But we complained to the party involved and I think they have
stopped doing that.  But everybody on AOL goes through their proxy cache.

--

http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://hammer.prohosting.com/~cgi-wiz/  http://cgi-help.virtualave.net/

 
 
 

Post by Alan J. Flavel » Fri, 17 Mar 2000 04:00:00



> I was upset at one point when I was using my
> static IP to limit access to one CGI and a router on the internet was
> caching everything including CGI (which nothing should cache).

Just to clarify what you're saying here - the response from a CGI
script should be eligible for caching, or not eligible, in exactly
the same way as any other resource, i.e. according to the HTTP headers
returned.

http://www.mnot.net/cache_docs/ includes a section about this
( http://www.mnot.net/cache_docs/#SCRIPT )

There are some cache proxies that treat URLs with /cgi... in them
heuristically, but this isn't really correct.

cheers

 
 
 

Post by Peter » Fri, 17 Mar 2000 04:00:00




> >Is there an API in Apache that can be used to get the ip address from a
> >client machine? If so, please point me to the documentation.

> You can tell where the request comes from (REMOTE_ADDR in env), but that
> is not necessarily the client machine

Good point, though I don't know what can be done about it. Additional
observations: with AOL, the proxy server address will change for a given
user between HTTP requests. I don't know if having a long Keepalive timeout
will enable these users to "stick" to a certain proxy server, but in any
case, changing IPs for clients is a serious issue with AOL. Other ISPs are
starting to use "tools" like transparent proxy servers where the routers
reroute connections destined for port 80 to a proxy server; the algorithms
that govern these systems can result in behavior like the AOL proxies:
traffic may be routed through one of a number of different transparent
proxies, whose IP addresses the httpd will see, or the traffic may go
directly to the httpd, in which case the remote address is accurate. (An
interesting difference between this and AOL is that AOL's round-robin
generally uses proxies in the same Class C or Class B space for any given
user session; with transparent proxying, the proxy address and actual
address may not even be in the same Class A space.) In some cases these
proxy servers will add a request header to the request they make of the
httpd that indicates the actual client IP address, something like Client-IP
which gets passed to most CGIs automatically as HTTP_CLIENT_IP, but that
being a client-supplied header rather than an observation about the TCP
connection, it's not reliable.

-Peter

--
http://www.bastille-linux.org/ : working towards more secure Linux systems
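
Added example, not part of the thread and not Apache code: one way to act on the point that the TCP peer address is an observation while Client-IP is only a claim. The function name `effective_client_ip` and the trusted-proxy list are assumptions made for illustration; the header value is accepted only when the connection itself comes from a proxy the site has listed.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample data: proxies this site has chosen to trust
 * (RFC 5737 documentation addresses, not real hosts). */
static const char *const TRUSTED_PROXIES[] = { "192.0.2.10", "192.0.2.11" };
#define N_TRUSTED (sizeof TRUSTED_PROXIES / sizeof TRUSTED_PROXIES[0])

/* Parse a dotted quad; returns 1 on success, 0 on NULL or bad syntax. */
static int parse_ipv4(const char *s, struct in_addr *out)
{
    return s != NULL && inet_pton(AF_INET, s, out) == 1;
}

/* Returns 1 if the TCP peer address is one of the trusted proxies. */
static int peer_is_trusted(const char *peer_ip)
{
    struct in_addr peer, proxy;
    size_t i;

    if (!parse_ipv4(peer_ip, &peer))
        return 0;
    for (i = 0; i < N_TRUSTED; i++)
        if (parse_ipv4(TRUSTED_PROXIES[i], &proxy) &&
            proxy.s_addr == peer.s_addr)
            return 1;
    return 0;
}

/*
 * peer_ip:       address of the TCP connection, i.e. what
 *                r->connection->remote_ip holds in the thread's snippet.
 * client_ip_hdr: value of the Client-IP request header, or NULL if absent.
 * Returns the address to use for logging or access decisions.
 */
const char *effective_client_ip(const char *peer_ip, const char *client_ip_hdr)
{
    struct in_addr claimed;

    /* Honour the header only when a trusted proxy sent it and it parses
     * as an address; in every other case keep the observed TCP peer. */
    if (peer_is_trusted(peer_ip) && parse_ipv4(client_ip_hdr, &claimed))
        return client_ip_hdr;
    return peer_ip;
}
```

Even with this check the result identifies the proxy's view of the client, so it suits logging better than IP-based access control.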