Bug#614666: thttpd 2.25b-11 sets REMOTE_ADDR to 127.0.0.1
Package: thttpd
Version: 2.25b-11
Severity: grave
Justification: causes non-serious data loss
thttpd 2.25b-11 introduces new behavior from 2.25b-9 that breaks http logging. The variable REMOTE_ADDR is now set to 127.0.0.1 for many hosts rather than correctly showing the real external IP address. This means that requests are written to the access log coming from "127.0.0.1" which is incorrect and misleading. This new behavior might be the result of the following patch: http://patch-tracker.debian.org/patch/series/view/thttpd/2.25b-11/10-x-forwarded-for-header.dpatch -- however, this patch is not a bug fix, it introduces completely new behavior over thttpd 2.25b-9 which is a mistake. If you wish to introduce new behavior like this that breaks our configurations, it should at least come as an option, not as the default. I'm now forced to compile thttpd from source if I wish the correct behavior (yes, thttpd compiled from source shows REMOTE_ADDR: external_ip, not localhost).
-- System Information:
Debian Release: wheezy/sid
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages thttpd depends on:
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
Versions of packages thttpd recommends:
ii logrotate 3.7.8-6 Log rotation utility
Versions of packages thttpd suggests:
ii thttpd-util 2.25b-11 tiny/turbo/throttling HTTP server
-- no debconf information
Reply to: