[Need image here]
Module mod_extract_forwarded
This module is contained in the mod_extract_forwarded.c file.
It transparently modifies a connection so that it looks like it came from
the IP behind a proxy server rather than the proxy itself.
You should really read the README file to understand the access control implications of using this module.
AllowForwarderCaching directive
Syntax: AllowForwarderCaching boolean
Context: server config, virtual host, directory,
.htaccess
Override: Options
Status: Contrib
Module: mod_extract_forwarded
AllowForwarderCaching determines if any caches along the request path are allowed to cache this response. On means any and all caches along the request path may cache this. Off means no caches along the request path may cache this. The default if this directive is not specified is On.
Example:
AllowForwarderCaching On <Location /sensitive> AllowForwarderCaching Off </Location>
This allows caching for the entire site, except for objects inside the
/sensitive location.
AddAcceptForwarder directive
Syntax: AddAcceptForwarder host
Context: server config, virtual host, directory,
.htaccess
Override: Options
Status: Contrib
Module: mod_extract_forwarded
AddAcceptForwarder adds host to the list of proxy hosts from which we will honor the X-Forwarded-For header and subsitute in the forwarded IP. The default if this directive is not set is to not honor X-Forwarded-For from any proxies. Note that this is cumulative inside container directives, adding to the accept list without destroying anything already in it. Host is one of the following:
all- X-Forwarded-For is processed for all proxy hosts
- A full IP address
- An IP address of a proxy host
- A hostname
- This must be a complete hostname (i.e. not a partial domain-name)
subject to the domain search path where the server is running. So if the
server is running on
www.systhug.comandsysthug.comis in the search path, we can useAddAcceptForwarder proxyfooand that will be looked up asproxyfoo.systhug.com
Example:
AddAcceptForwarder proxy1.systhug.com <Directory /home/httpd/html/all_public> AddAcceptForwarder proxy2.systhug.com </Directory>
This accepts X-Forwarded-For from proxy1 for the entire site, and
additionally accepts from proxy2 for objects in the
all_public directory.
RemoveAcceptForwarder directive
Syntax: RemoveAcceptForwarder host
Context: server config, virtual host, directory,
.htaccess
Override: Options
Status: Contrib
Module: mod_extract_forwarded
RemoveAcceptForwarder removes host from the list of proxy hosts from which we will honor the X-Forwarded-For header. The default if this directive is not set is to not honor X-Forwarded-For from any proxies. Note that this is cumulative inside container directives, removing host from the accept list but no others which are already in it. If host is not in the accept list the directive has no effect. Host is one of the following:
all- X-Forwarded-For is ignored for all proxy hosts
- A full IP address
- An IP address of a proxy host
- A hostname
- This must be a complete hostname (i.e. not a partial domain-name)
subject to the domain search path where the server is running. So if the
server is running on
www.systhug.comandsysthug.comis in the search path, we can useAddAcceptForwarder proxyfooand that will be looked up asproxyfoo.systhug.com
Example:
AddAcceptForwarder proxy1.systhug.com AddAcceptForwarder proxy2.systhug.com <Directory /home/httpd/html/dont_trust_proxy2> AddAcceptForwarder proxy3.systhug.com RemoveAcceptForwarder proxy2.systhug.com </Directory>
This accepts X-Forwarded-For from proxy1 and proxy2 for the entire
site, except inside the dont_trust_proxy2
directory. In there, it accepts from proxy1 and proxy3 but not proxy2.