Retrieving a site visitor's IP address

HowTo: Using Apache's mod_proxy_add_forward To Retrieve a Site Visitor's IP Address

Many organizations maintain Web sites that contain resources of use to visitors from inside the organization as well as outside. Modifying your site's content based on the visitor's IP address can make your site more user friendly.

A common approach to configuring Zope is to use Apache as a front end, either for its virtual hosting or its proxying capabilities. Unfortunately, using Apache in this way hides the visitor's IP address from Zope: every request reaches Zope from Apache, so Zope's REQUEST variable refers to the Apache server instead of the actual site visitor. A more thorough discussion of this issue can be found in the Apache+ZServer+SSL HowTo.

Apache's mod_proxy_add_forward module

Bjoern Hansen has written a tiny Apache module called mod_proxy_add_forward that adds an X-Forwarded-For HTTP header to proxied requests; Zope exposes this header in REQUEST as HTTP_X_FORWARDED_FOR. The source for this module is available from http://develooper.com/code/mpaf/ and contains some instructions for installing it. The module is also available in binary form in Debian's "testing" distribution: just run apt-get install libapache-mod-proxy-add-forward to download and install it. Total installation time was less than one minute on my system. I suspect there are RPM versions out there as well.

Using mod_proxy_add_forward

Once you've installed mod_proxy_add_forward and restarted Apache, you can confirm that it's working by creating the following code in a DTML Method in the root of your Zope:

        <dtml-var REQUEST>

This is a useful method to have because it allows you to quickly examine the contents of REQUEST from anywhere in your Zope site by using acquisition. Just tag the name of the DTML Method onto the end of a URL and you'll see what the REQUEST variable contains.

If mod_proxy_add_forward has been successfully installed, you will see an HTTP_X_FORWARDED_FOR field in REQUEST. HTTP_X_FORWARDED_FOR should contain the IP address of your browser or, if you are behind a proxy server yourself, the IP address of your nearest proxy. In any case, the IP address should not be the same as your Web server's.

Modifying site content based on HTTP_X_FORWARDED_FOR

If you can see HTTP_X_FORWARDED_FOR in REQUEST then you can modify your site's content based on its contents. In my case, I created a Python Script in the root of my Zope called isLocal. The script has the following code:

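        REQUEST = container.REQUEST
        # Use get() so a request without the header does not raise an error
        forwarded = REQUEST.get('HTTP_X_FORWARDED_FOR', '')
        # Compare the first 12 characters with the organization's address prefix
        if forwarded[:12] == '111.222.333.':
            return 1
        else:
            return 0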

You will have to replace the if line with something that matches your organization's IP addresses. In my case we have a class C range, so I simply check to see if the first 12 characters of HTTP_X_FORWARDED_FOR match our class C.
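The same test with the header parsed instead of compared as a string, as an added example that is not part of the original HowTo. It is plain Python rather than a Zope Python Script, and it goes beyond the prefix check above by handling comma-separated values, malformed entries and ranges that do not end on an octet boundary. The network range, the function names and the sample values are constructed, and it assumes the front-end proxy appends the address it saw as the last entry of the header.

```python
import ipaddress

# Hypothetical organization range (RFC 5737 documentation block); replace with your own.
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/25")]


def forwarded_client(header_value):
    """Return the last address in an X-Forwarded-For value, or None.

    Assumption: the front-end proxy appends the address it saw to any
    value already present, so only the last entry comes from the proxy.
    """
    if not header_value:
        return None
    last = header_value.split(",")[-1].strip()
    try:
        return ipaddress.ip_address(last)
    except ValueError:
        return None  # malformed entry: treat the client as unknown


def is_local(header_value, networks=LOCAL_NETWORKS):
    """Return 1 if the forwarded client address is in a local network, else 0."""
    addr = forwarded_client(header_value)
    if addr is None:
        return 0
    return 1 if any(addr in net for net in networks) else 0


# Constructed sample header values.
SAMPLES = [
    "192.0.2.17",              # inside the /25
    "192.0.2.200",             # same first three octets, but outside the /25
    "192.0.2.5, 203.0.113.9",  # earlier entry was already in the header; proxy-seen address is last
    "192.0.2.999",             # malformed address
    "",                        # header absent
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", is_local(value))
```

As with isLocal, the result is only suitable for presentation decisions such as hiding LAN-only links.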

To complete the test I created a DTML Method called localCheck with the following code and placed it in my Zope root as well:

        <dtml-var standard_html_header>
        <dtml-if isLocal>
         You're browsing from within the LAN.
        <dtml-else>
         You're browsing from outside LAN.
        </dtml-if>
        <dtml-var standard_html_footer>

Testing this code is as simple as calling the localCheck method by visiting a URL like http://www.myzopesite.spam/localCheck.

Security considerations

You may be tempted to use this method to control access to your site's contents. Basing security on the reported IP address of a site visitor is not an appropriate security strategy, because it is possible to fake IP addresses. HTTP_X_FORWARDED_FOR is useful for making your site more user friendly, for example by disabling links to resources that are only accessible from within your LAN.