[httpd-remoteip.conf] Possible error in private IP space
Hello,
With our team, we have noticed a possible error in the httpd-remoteip.conf file
- since v4.2.0 : https://github.com/cloudfoundry/php-buildpack/blob/v4.2.0/defaults/config/httpd/extra/httpd-remoteip.conf#L5
- until current / master branch v4.3.30 : https://github.com/cloudfoundry/php-buildpack/blob/v4.3.30/defaults/config/httpd/extra/httpd-remoteip.conf#L5
So, according to https://tools.ietf.org/html/rfc1918, in the ‘3. Private Address Space’ section, private IP addresses are:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
So, we have 172.16.0.0/12 in place of 176.16.0.0/12
In addition, we have added the localhost IP address (127.0.0.1).
So, we have overloaded the file like this:
```apache
#
# Adjust IP Address based on header set by proxy
#
<IfModule remoteip_module>
    RemoteIpHeader x-forwarded-for
    RemoteIpInternalProxy 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
</IfModule>
#
# Set HTTPS environment variable if we came in over secure
# channel.
<IfModule setenvif_module>
    SetEnvIf x-forwarded-proto https HTTPS=on
</IfModule>
```
Thanks in advance for your answer.
Enjoy 😉
Issue Analytics
- State:
- Created 6 years ago
- Comments:11 (3 by maintainers)
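A check for the mistake reported in this issue, as an added example that is not part of the original issue or the buildpack: it parses `RemoteIPInternalProxy` entries and flags any range not fully inside the RFC 1918 or loopback blocks, since a trusted range in public address space lets hosts there supply an `X-Forwarded-For` value that httpd accepts as the client IP. The `REPORTED` sample is constructed around the 176.16.0.0/12 value the issue cites (the exact shipped line is an assumption); `FIXED` is the line from the issue.

```python
import ipaddress
import re

# Ranges the issue author treats as internal: RFC 1918 plus loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# httpd directive names are case-insensitive.
DIRECTIVE = re.compile(r"^\s*RemoteIPInternalProxy\s+(.+)$", re.IGNORECASE)

def audit(conf_text):
    """Return (line_no, token, reason) for every RemoteIPInternalProxy
    argument that is not entirely inside INTERNAL."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        for token in m.group(1).split():
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                # Hostnames are legal for the directive but need manual review.
                findings.append((no, token, "not an IP or CIDR literal"))
                continue
            if not any(net.version == ok.version and net.subnet_of(ok)
                       for ok in INTERNAL):
                findings.append((no, token, "outside private/loopback space"))
    return findings

# Constructed sample containing the mistyped range from the issue.
REPORTED = """\
<IfModule remoteip_module>
    RemoteIpHeader x-forwarded-for
    RemoteIpInternalProxy 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16
</IfModule>
"""

# Directive line as proposed in the issue.
FIXED = ("RemoteIpInternalProxy 127.0.0.0/8 10.0.0.0/8 "
         "172.16.0.0/12 192.168.0.0/16\n")

if __name__ == "__main__":
    for name, text in (("reported", REPORTED), ("fixed", FIXED)):
        print(name, audit(text))
```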
Top GitHub Comments
Thinking about this a little more, I think it’s good we don’t have the IfModule tags for the build pack. This configuration is required for apps running on CF, because you’re always going to be behind at least one layer of proxies.
If the module doesn’t load for some reason and we had IfModule tags, HTTPD would silently skip over this and just not configure it. That could in turn cause unexpected problems with the app, for example breaking enforcement of using HTTPS. I think it’s better if we don’t have the IfModule tags, so HTTPD will blow up and indicate there’s a problem. This shouldn’t ever happen, but if for some strange reason there was a bug we’d find it more quickly and could fix it.
Fixed on develop: 97bda3a80b1810c4076d276a7bb134227b3a96a8