Apache 2 REMOTE_ADDR with ProxyPass

Hi

I am using Apache 2 on Fedora Core 8 to proxy Oracle Application Express (apex) running on Oracle XE. I am using

ProxyPass /apex http://127.0.0.1:8080/apex
ProxyPassReverse /apex http://127.0.0.1:8080/apex

The problem is that When I read REMOTE_ADDR from within Apex it returns me 127.0.0.1 instead of IP of the user. I belive this is happening since Apex is receiving requests from Apache not directly by the end-user.

Can someone suggest an easy solution to this. I am not quite expert on Apache just do some easy tasks.

I have also attached my Apache configuration file with this.
httpd.txt
systemsautomationAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ravenplCommented:
Apart from REMOTE_ADDR look at VIA header, which should be appended to the http request on proxies.
0
ravenplCommented:
Actually I meant HTTP_X_FORWARDED_FOR header - sorry.
0
systemsautomationAuthor Commented:
Thanks for reply.
Can you please guide me how to APPEND it. I am a bigener in this area.
Sorry if my question seems to be stupid.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

ravenplCommented:
The apache proxy module should do it by default. It's the server side application should check if the header is present, if so, it should contain list of forwarded-for IPs
The "Via" http header should contain a list of proxies that forwarded the request.
0
systemsautomationAuthor Commented:
I tried your suggestion but it returns null

htp.p(
  owa_util.get_cgi_env('REMOTE_ADDR')|| '  -  '||
  owa_util.get_cgi_env('HTTP_X_FORWARDED_FOR') );


returns

127.0.0.1 -

I just read a post on Oracle Apex Forum
http://forums.oracle.com/forums/thread.jspa?messageID=1262928�

It seems that HTTP_X_FORWARDED_FOR is not being used by Oracle XE. It is using X-Oracle-Cache-User instead. But to setup this there is some Rewrite required. But when I am writing

DocumentRoot "/var/www/vh.dbserver"
ServerName vh.dbserver

<Directory "/var/www/vh.dbserver">
allow from all
Options +Indexes

RewriteEngine On

RewriteCond %{REMOTE_ADDR} ^(.*)
RewriteRule ^.* - env=MY_VAL:%1
RequestHeader set X-Oracle-Cache-User "%{MY_VAL}e"

RewriteCond %{REQUEST_URI} /((^/+)(/.*)*)$
RewriteCond %2 =apex OR
RewriteCond %2 =i OR
RewriteCond %2 =public OR
RewriteCond %2 =sys
RewriteRule ^/(.*) http://192.168.0.10:8080/%1 [P]

</Directory>


Syntax error on line 1079 of /etc/httpd/conf/httpd.conf:
RewriteCond: bad flag delimiters


Please help me It is very urgent.

Zulqarnain
0
ravenplCommented:
> owa_util.get_cgi_env('HTTP_X_FORWARDED_FOR') );
The exact header is "X-Forwarded-For", HTTP_X_FORWARDED_FOR is php's name only.
Therefore try either get_cgi_env('X_FORWARDED_FOR') or get_cgi_env('X-FORWARDED-FOR')
Or maybe You can directly read http request headers?
Unfortunately I'm not familiar with apex.

As for Your rules, try simply adding simply appending the required variable, no need for actual rules

RequestHeader set X-Oracle-Cache-User %{REMOTE_ADDR}

The error comes from the fact, that "OR" has to be "[OR]"
0
systemsautomationAuthor Commented:
Now I feel a little closer to the solution:

RequestHeader set X-Oracle-Cache-User %{REMOTE_ADDR}

Gives Syntax error on line 1096 of /etc/httpd/conf/httpd.conf:
Unrecognized header format %

So I added e at the end of the statement making it

RequestHeader set X-Oracle-Cache-User %{REMOTE_ADDR}e

it returns

HTTP_X_ORACLE_CACHE_USER = (null)


But when I change it to

RequestHeader set X-Oracle-Cache-User %{REMOTE_ADDR}e

Then i changed it to

RequestHeader set X-Oracle-Cache-User 123

Just to test it if Oracle is receiving or not

HTTP_X_ORACLE_CACHE_USER = 123

Not it seems Oracle is receving but %{REMOTE_ADDR}e is not setting any value.

I hope that with your support I would be successful in fixing the problem.
0
ravenplCommented:
Yes, that's strange, You can give a try with quoted " %{REMOTE_ADDR}" but You probably have to workaround that with Your original idea

RewriteEngine On
RewriteCond %{REMOTE_ADDR} (.*)
RewriteRule .* - [E=REMOTEA:%1]
RequestHeader set X-Oracle-Cache-User "%{REMOTEA}"
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
systemsautomationAuthor Commented:
Yes the following worked

RewriteEngine On
RewriteCond %{REMOTE_ADDR} (.*)
RewriteRule .* - [E=REMOTEA:%1]
RequestHeader set X-Oracle-Cache-User "%{REMOTEA}e"


I am really very much thankful for your constant help & support.

Best regards my friend. You made my day.

Zulqarnain
0
systemsautomationAuthor Commented:
Thanks a lot
0
harvest-softCommented:
Hi,

I've a related question to fix a similar problem. I would like to check if the REMOTE_ADDR is same as HTTP_X_FORWARDED_FOR

If not, change the REMOTE_ADDR to HTTP_X_FORWARDED_FOR

This is to get some application see the actual client ip. CRITICAL, so need ASAP.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.