This module is contained in the mod_extract_forwarded.c
file.
It transparently modifies a connection so that it looks like it came from
the IP behind a proxy server rather than the proxy itself.
You should really read the README file to understand the access control implications of using this module.
Syntax: AllowForwarderCaching boolean
Context: server config, virtual host, directory,
.htaccess
Override: Options
Status: Contrib
Module: mod_extract_forwarded
AllowForwarderCaching determines if any caches along the request path are allowed to cache this response. On means any and all caches along the request path may cache this. Off means no caches along the request path may cache this. The default if this directive is not specified is On.
Example:
AllowForwarderCaching On <Location /sensitive> AllowForwarderCaching Off </Location>
This allows caching for the entire site, except for objects inside the
/sensitive
location.
Syntax: AddAcceptForwarder host
Context: server config, virtual host, directory,
.htaccess
Override: Options
Status: Contrib
Module: mod_extract_forwarded
AddAcceptForwarder adds host to the list of proxy hosts from which we will honor the X-Forwarded-For header and subsitute in the forwarded IP. The default if this directive is not set is to not honor X-Forwarded-For from any proxies. Note that this is cumulative inside container directives, adding to the accept list without destroying anything already in it. Host is one of the following:
all
www.systhug.com
and
systhug.com
is in the search path, we can use
AddAcceptForwarder proxyfoo
and that will be looked up as
proxyfoo.systhug.com
Example:
AddAcceptForwarder proxy1.systhug.com <Directory /home/httpd/html/all_public> AddAcceptForwarder proxy2.systhug.com </Directory>
This accepts X-Forwarded-For from proxy1 for the entire site, and
additionally accepts from proxy2 for objects in the
all_public
directory.
Syntax: RemoveAcceptForwarder host
Context: server config, virtual host, directory,
.htaccess
Override: Options
Status: Contrib
Module: mod_extract_forwarded
RemoveAcceptForwarder removes host from the list of proxy hosts from which we will honor the X-Forwarded-For header. The default if this directive is not set is to not honor X-Forwarded-For from any proxies. Note that this is cumulative inside container directives, removing host from the accept list but no others which are already in it. If host is not in the accept list the directive has no effect. Host is one of the following:
all
www.systhug.com
and
systhug.com
is in the search path, we can use
RemoveAcceptForwarder proxyfoo
and that will be looked up as
proxyfoo.systhug.com
Example:
AddAcceptForwarder proxy1.systhug.com AddAcceptForwarder proxy2.systhug.com <Directory /home/httpd/html/dont_trust_proxy2> AddAcceptForwarder proxy3.systhug.com RemoveAcceptForwarder proxy2.systhug.com </Directory>
This accepts X-Forwarded-For from proxy1 and proxy2 for the entire
site, except inside the dont_trust_proxy2
directory. In there, it accepts from proxy1 and proxy3 but not proxy2.