Bug#425008: marked as done (apache2: handle X-FORWARDED-FOR by default)
Your message dated Fri, 07 Dec 2007 23:32:03 +0000
with message-id <E1J0mfr-0004J3-Pg@ries.debian.org>
and subject line Bug#425008: fixed in apache2 2.2.6-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2: handle X-FORWARDED-FOR by default
- From: Loic Dachary (OuoU) <loic@debian.org>
- Date: Fri, 18 May 2007 14:49:28 +0200
- Message-id: <87veeqxpnr.fsf@call.dachary.org>
Package: apache2
Version: 2.2.3-3.3
Severity: wishlist
When running apache2 from behind a proxy, the default log format
does not honor the X-Forwarded-For header. The attached patch modifies
the default format so that it is honored when present and has no effect
when not present.
--- a/etc/apache2/apache2.conf Thu May 03 23:57:15 2007 +0200
+++ b/etc/apache2/apache2.conf Thu May 03 23:59:07 2007 +0200
@@ -199,9 +199,12 @@ Include /etc/apache2/conf.d/
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_forwarded
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
+
+SetEnvIfNoCase X-Forwarded-For "." from_proxy=1
#
# ServerTokens
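Review bot: The added `combined_forwarded` format replaces `%h` with `%{X-Forwarded-For}i`, so for matching requests the connecting address is no longer logged and the first field is whatever the request header contained. That header is set by the sender, and `SetEnvIfNoCase X-Forwarded-For "." from_proxy=1` fires for any non-empty value regardless of which peer sent it, so a client connecting directly can choose what appears in the host column. Suggest keeping `%h` in the format next to a quoted `\"%{X-Forwarded-For}i\"` (the header can hold a comma-separated list with spaces, which would otherwise shift the remaining fields), and setting `from_proxy` only when the peer is a known proxy, for example by matching on `Remote_Addr`. A short comment above the new format and the variable, saying when they apply, would also help.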
--- a/etc/apache2/sites-available/default Thu May 03 23:57:15 2007 +0200
+++ b/etc/apache2/sites-available/default Thu May 03 23:59:07 2007 +0200
@@ -34,7 +34,8 @@ NameVirtualHost *
# alert, emerg.
LogLevel warn
- CustomLog /var/log/apache2/access.log combined
+ CustomLog /var/log/apache2/access.log combined env=!from_proxy
+ CustomLog /var/log/apache2/access.log combined_forwarded env=from_proxy
ServerSignature On
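Review bot: Both `CustomLog` lines write to `/var/log/apache2/access.log`, so the file ends up mixing two formats whose first field means different things (peer address under `combined`, header value under `combined_forwarded`), and nothing in an entry says which one produced it. Because `env=!from_proxy` and `env=from_proxy` are exact complements, a request that carries the header is logged only in the forwarded form and its connecting address is not recorded anywhere. Suggest leaving the `combined` line unconditional and sending `combined_forwarded` to a separate file, or using a single format that contains both `%h` and the header.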
http://garden.dachary.org/universe.html#%5B%5BApache%20x-forwarded-for%20log%20when%20behind%20a%20proxy%5D%5D
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-vserver-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.2.3-3.3 Traditional model for Apache HTTPD
apache2 recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.2.6-3
We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:
apache2-dbg_2.2.6-3_i386.deb
to pool/main/a/apache2/apache2-dbg_2.2.6-3_i386.deb
apache2-doc_2.2.6-3_all.deb
to pool/main/a/apache2/apache2-doc_2.2.6-3_all.deb
apache2-mpm-event_2.2.6-3_i386.deb
to pool/main/a/apache2/apache2-mpm-event_2.2.6-3_i386.deb
apache2-mpm-perchild_2.2.6-3_all.deb
to pool/main/a/apache2/apache2-mpm-perchild_2.2.6-3_all.deb
apache2-mpm-prefork_2.2.6-3_i386.deb
to pool/main/a/apache2/apache2-mpm-prefork_2.2.6-3_i386.deb
apache2-mpm-worker_2.2.6-3_i386.deb
to pool/main/a/apache2/apache2-mpm-worker_2.2.6-3_i386.deb
apache2-prefork-dev_2.2.6-3_i386.deb
to pool/main/a/apache2/apache2-prefork-dev_2.2.6-3_i386.deb
apache2-src_2.2.6-3_all.deb
to pool/main/a/apache2/apache2-src_2.2.6-3_all.deb
apache2-threaded-dev_2.2.6-3_i386.deb
to pool/main/a/apache2/apache2-threaded-dev_2.2.6-3_i386.deb
apache2-utils_2.2.6-3_i386.deb
to pool/main/a/apache2/apache2-utils_2.2.6-3_i386.deb
apache2.2-common_2.2.6-3_i386.deb
to pool/main/a/apache2/apache2.2-common_2.2.6-3_i386.deb
apache2_2.2.6-3.diff.gz
to pool/main/a/apache2/apache2_2.2.6-3.diff.gz
apache2_2.2.6-3.dsc
to pool/main/a/apache2/apache2_2.2.6-3.dsc
apache2_2.2.6-3_all.deb
to pool/main/a/apache2/apache2_2.2.6-3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 425008@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 07 Dec 2007 22:38:59 +0100
Source: apache2
Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork apache2-doc apache2-mpm-event apache2.2-common apache2-dbg apache2-mpm-worker apache2-src apache2-threaded-dev apache2-mpm-perchild
Architecture: source all i386
Version: 2.2.6-3
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
apache2 - Next generation, scalable, extendable web server
apache2-dbg - Apache debugging symbols
apache2-doc - documentation for apache2
apache2-mpm-event - Event driven model for Apache HTTPD
apache2-mpm-perchild - Transitional package - please remove
apache2-mpm-prefork - Traditional model for Apache HTTPD
apache2-mpm-worker - High speed threaded model for Apache HTTPD
apache2-prefork-dev - development headers for apache2
apache2-src - Apache source code
apache2-threaded-dev - development headers for apache2
apache2-utils - utility programs for webservers
apache2.2-common - Next generation, scalable, extendable web server
Closes: 255443 425008 450867
Changes:
apache2 (2.2.6-3) unstable; urgency=low
.
* Allocate fewer bucket brigades in case of a flush bucket. This might help
with the memory leaks reported in #399776 and #421557.
* Escape the HTTP method in error messages to avoid potential cross site
scripting vulnerabilities (CVE-2007-6203).
* Update 053_bad_file_descriptor_PR42829.dpatch to avoid a race condition.
* Redirect /doc/apache2-doc/manual/ to /manual/ in the apache2-doc config
(Closes: #450867).
* Add icons for .ogg and .ogm (Closes: #255443).
* Add comment about how to log X-Forwarded-For (Closes: #425008).
* Make mod_proxy_balancer not depend on mod_cache.
* Add Homepage field to debian/control.
* Add/fix some lintian overrides, fix some warnings.
* Bump Standards-Version (no changes).
--- End Message ---