Documentation rebuild for mod_remoteip

    with the useragent IP address reported in the request header configured

    with the <code class="directive"><a href="#remoteipheader">RemoteIPHeader</a></code> directive.</p>

    <p>Additionally, this module implements the server side of

    HAProxy's

    <a href="http://blog.haproxy.com/haproxy/proxy-protocol/">Proxy Protocol</a> when

    using the <code class="directive"><a href="#remoteipproxyprotocolenable">RemoteIPProxyProtocolEnable</a></code>

    directive.</p>

    <p>Once replaced as instructed, this overridden useragent IP address is

    then used for the <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>

    <code class="directive"><a href="../mod/mod_authz_core.html#require">Require ip</a></code>

<li><img alt="" src="../images/down.gif" /> <a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></li>

<li><img alt="" src="../images/down.gif" /> <a href="#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>

<li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>

<li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>

<li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>

<li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>

</ul>

<li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>

<li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li>

<li><code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code></li>

<li><a href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt">Proxy Protocol Spec</a></li>

<li><a href="#comments_section">Comments</a></li></ul></div>

<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

<div class="section">

RemoteIPProxiesHeader X-Forwarded-By</pre>

</div>

</div>

<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

<div class="directive-section"><h2><a name="RemoteIPProxyProtocol" id="RemoteIPProxyProtocol">RemoteIPProxyProtocol</a> <a name="remoteipproxyprotocol" id="remoteipproxyprotocol">Directive</a></h2>

<table class="directive">

<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable, optionally enable or disable the proxy protocol handling</td></tr>

<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyProtocol On|Optional|Off</code></td></tr>

<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>

<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>

<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr>

</table>

    <p>The <code class="directive">RemoteIPProxyProtocolEnable</code> enables or 

    disables the reading and handling of the proxy protocol connection header.

    If enabled with the <code>On</code> flag, the upstream client <em>must</em>

    send the header every time it opens a connection or the connection will

    be aborted. If enabled with the <code>Optional</code> flag, the upstream

    client <em>may</em> send the header.</p>

    <p>While this directive may be specified in any virtual host, it is

    important to understand that because the proxy protocol is connection

    based and protocol agnostic, the enabling and disabling is actually based

    on ip-address and port. This means that if you have multiple name-based

    virtual hosts for the same host and port, and you enable it any one of

    them, then it is enabled for all them (with that host and port). It also

    means that if you attempt to enable the proxy protocol in one and disable

    in the other, that won't work; in such a case the last one wins and a

    notice will be logged indicating which setting was being overridden.</p>

    <div class="note">When multiple virtual hosts on the same IP and port are

    configured with a combination of <code>On</code> and <code>Optional</code>

    flags, connections will not be aborted if the header is not sent.

    Instead, enforcement will happen after the request is read so virtual

    hosts configured with <code>On</code> will return a 400 Bad Request.

    Virtual hosts configured with <code>Optional</code> will continue as

    usual but without replacing the client IP information</div>

    <pre class="prettyprint lang-config">Listen 80

<VirtualHost *:80>

    ServerName www.example.com

    RemoteIPProxyProtocolEnable Optional

    #Requests to this virtual host may optionally not have

    # a proxy protocol header provided

</VirtualHost>

<VirtualHost *:80>

    ServerName www.example.com

    RemoteIPProxyProtocolEnable On

    #Requests to this virtual host must have a proxy protocol

    # header provided. If it is missing, a 400 will result

</VirtualHost>

Listen 8080

<VirtualHost *:8080>

    ServerName www.example.com

    RemoteIPProxyProtocolEnable On

    #Requests to this virtual host must have a proxy protocol

    # header provided. If it is missing, the connection will

    # be aborted

&lt;/VirtualHost&gt;</pre>

</div>

<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

<div class="directive-section"><h2><a name="RemoteIPTrustedProxy" id="RemoteIPTrustedProxy">RemoteIPTrustedProxy</a> <a name="remoteiptrustedproxy" id="remoteiptrustedproxy">Directive</a></h2>

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">

<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>

<!-- English Revision: 1704683 -->

<!-- English Revision: 1704683:1776578 (outdated) -->

<!-- French translation : Lucien GENTIS -->

<!-- Reviewed by : Vincent Deffontaines -->

  <variants>

    <variant>en</variant>

    <variant>fr</variant>

    <variant outdated="yes">fr</variant>

  </variants>

</metafile>