[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#614666: thttpd 2.25b-11 sets REMOTE_ADDR to

Package: thttpd
Version: 2.25b-11
Severity: grave
Justification: causes non-serious data loss

thttpd 2.25b-11 introduces new behavior from 2.25b-9 that breaks http logging. The variable REMOTE_ADDR is now set to for many hosts rather than correctly showing the real external IP address. This means that requests are written to the access log coming from "" which is incorrect and misleading. This new behavior might be the result of the following patch: http://patch-tracker.debian.org/patch/series/view/thttpd/2.25b-11/10-x-forwarded-for-header.dpatch -- however, this patch is not a bug fix, it introduces completely new behavior over thttpd 2.25b-9 which is a mistake. If you wish to introduce new behavior like this that breaks our configurations, it should at least come as an option, not as the default. I'm now forced to compile thttpd from source if I wish the correct behavior (yes, thttpd compiled from source shows REMOTE_ADDR: external_ip, not localhost).

-- System Information:
Debian Release: wheezy/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages thttpd depends on:
ii  libc6                         2.11.2-11  Embedded GNU C Library: Shared lib

Versions of packages thttpd recommends:
ii  logrotate                     3.7.8-6    Log rotation utility

Versions of packages thttpd suggests:
ii  thttpd-util                   2.25b-11   tiny/turbo/throttling HTTP server 

-- no debconf information

Reply to: