Bug 851768 - Review Request: mod_rpaf - Changes the remote IP in Apache to use client IP and not proxy IP
Review Request: mod_rpaf - Changes the remote IP in Apache to use client IP a...
Product: Fedora EPEL
Classification: Fedora
Component: Package Review (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Nobody's working on this, feel free to take it
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-08-25 09:40 EDT by Sebastien Caps
Modified: 2012-12-31 05:16 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-12-31 04:22:21 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Sebastien Caps 2012-08-25 09:40:40 EDT

mod_rpaf changes the remote address of the client visible to other
Apache modules when two conditions are satisfied. First condition is
that the remote client is actually a proxy that is defined in
httpd configuration file. 
Secondly if there is an incoming X-Forwarded-For header and the proxy 
is in it's list of known proxies it takes the last IP from the incoming 
X-Forwarded-For header and changes the remote address of the client in 
the request structure. It also takes the incoming X-Host header and 
updates the virtual host settings accordingly.
For Apache2 mod_proxy it takes the X-Forwared-Host header and updates 
the virtual hosts.

Fedora Account System Username: virer
Comment 1 Sebastien Caps 2012-08-29 11:28:37 EDT
el6 build ok 
Comment 2 Ville Skyttä 2012-12-29 16:41:49 EST
Is this version vulnerable to CVE-2012-3526?

Comment 3 Sebastien Caps 2012-12-31 04:18:58 EST
It is not affected since this version does not use debian custom patch
Comment 4 Sebastien Caps 2012-12-31 04:22:21 EST
Since I still lack of sponsor and I have no more time to spend on it, I close it.

Note You need to log in before you can comment on or make changes to this bug.