Apache2 Spamhaus and X Forwarded Module

March 22nd, 2009

This is similar to the defensible module I tried out last year, but it appears to work really well. Its available in debian, which is convenient, but since I run Apache behind a reverse proxy (most likely Varnish), I need to switch around the X-Forwarded-For headers.

Thankfully, this works fine: Since the author of mod_extract_forwarded used Apache 2.0, I've just emailed to share that I have succeeded in compiling it with 2.2:

Just a heads up that mod_extract_forwarded.c works for me with Apache 2.2 on Debian Squeeze. I'm using it to bridge between Varnish and mod-spamhaus.

I did run into a small issue on debian, the proxy modules must be loaded first, and apxs2 couldn't activate the module for me in httpd.conf (because its blank on debian). I used this name as the module loader: "proxy_xtract_forwarded", and this as its contents:

LoadModule extract_forwarded_module  /usr/lib/apache2/modules/

And for the configuration:

<IfModule mod_extract_forwarded.c>
MEFaccept all
MEFdebug off

Note: this is on my development machine. I'll change MEFaccept on any production machines I install this on.

For more information on mod-spamhaus, here's a link to the author's website: Luca Ercoli.

This page about X-Forwarded-For at the Varnish trac was helpful too.

Yearly Indexes: 2003 2004 2006 2007 2008 2009 2010 2011 2012 2013 2015 2019 2020 2022