Bug #2769
closed$HTTP["remoteip"] with mod_extforward is not correct
Description
Hello,
I'm using lighttpd version 1.4.35-4+deb8u1 a Debian package with the module mod_extforward and the variable $HTTP["remoteip"] is not correct.
When I visit a page hosted on the lighttpd behind a nginx where his IP is trusted with extforward.forwarder inside the lighttpd, $HTTP["remoteip"] stay the nginx one and not the real IP of the visitor.
If my IP is zzz.zzz.zzz.zzz and the reverse proxy (nginx) is yyy.yyy.yyy.yyy and I try this inside lighttpd.conf :
$HTTP["remoteip"] !~ "xxx.xxx.xxx.xxx|zzz.zzz.zzz.zzz" {
$HTTP["url"] =~ "^/data/munin/" {
auth.require = ( "/data/munin/" =>
(
"method" => "basic",
"realm" => "Password protected area",
"require" => "user=root"
))
}
}
And I visit the link /data/munin/ with my IP zzz.zzz.zzz.zzz, lighttpd don't see my IP with $HTTP["remoteip"] behing the reverse proxy and ask me to authenticate me.
Someone could tell me if there is something to do in more or it's a bug or a feature please ?
Thank you in advance.
Élodie
Updated by gstrauss over 7 years ago
- Status changed from New to Invalid
The support forum is the place to ask questions: http://redmine.lighttpd.net/projects/lighttpd/boards/2
Please post there in the future. In this case, you probably want to use xxx\.xxx\.xxx\.xxx to escape each '.' in the regex.
BTW, lighttpd version 1.4.35 is incredibly old. Latest is lighttpd 1.4.43. Please correct your regex and use a more recent version to see if you still have an issue.
Also available in: Atom