[Bug 63349] New: RemoteIPProxyProtocol does not work with SNIProxy and IPv4

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Bug 63349] New: RemoteIPProxyProtocol does not work with SNIProxy and IPv4

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63349

            Bug ID: 63349
           Summary: RemoteIPProxyProtocol does not work with SNIProxy and
                    IPv4
           Product: Apache httpd-2
           Version: 2.4.38
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_remoteip
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

At least that's what I think is happening, since I get this error message in
the logs:

[Mon Apr 15 20:51:45.321321 2019] [remoteip:error] [pid 2476:tid
139944387405568] [client fd00:dead:beef:2::1:53228] AH03500:
RemoteIPProxyProtocol: invalid client-address '::ffff:1.1.1.1' found in header
'PROXY TCP6 ::ffff:1.1.1.1 ::ffff:172.21.0.3 49122 80'

(Public IP addresses changed in the log output.) On the other hand Let's
encrypt certificate authorization worked without problems and also an IPv6 test
from localhost worked while it always gives errors with IPv4 (unfortunately I
do not have any native IPv6 connectivity available for further testing). It
probably doesn't like the ::ffff:X.X.X.X format for representing mapped IPv4
addresses within IPv6. I'm honestly not sure why it doesn't just represent this
as an IPv4 address with TCP4, but it is a valid IPv6 so it should still be
parsable.

Any ideas?

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]