@frankenbubble

  • Add REMOTEIP_HEADER environment variable with X-Forwarded-For default
  • Replace hardcoded RemoteIPHeader with ${REMOTEIP_HEADER} variable
  • Update both regular and Alpine Dockerfiles
  • Add documentation to README.md
  • Maintains backward compatibility while allowing custom headers
  • Enables CloudFront setups to use alternative header sources, such as CloudFront-Viewer-Address, vastly simplifying maintaining trusted IP lists

Member

@fzipi fzipi left a comment

Thanks for your contribution!

Won't we need to propagate this to nginx configuration templates also?

@fzipi
Member

fzipi commented Sep 20, 2025

@frankenbubble
Author

Hi, I believe it's set here, https://github.com/coreruleset/modsecurity-crs-docker/blob/main/nginx/templates/includes/proxy_backend.conf.template#L20, my thought was to add the equivalent feature into apache

@fzipi
Member

fzipi commented Sep 20, 2025

Hi @frankenbubble. Reading the docs:

| var | desc |
| --- | --- |
| SET_REAL_IP_FROM | A string of comma separated IP, CIDR, or UNIX domain socket addresses that are trusted to replace addresses in REAL_IP_HEADER (Default: 127.0.0.1). See set_real_ip_from |

So I think this is for a different setting.

@frankenbubble
Author

Hi, I mean Line 20, `real_ip_header ${REAL_IP_HEADER};`, not SET_REAL_IP_FROM

Member

@fzipi fzipi left a comment

LGTM for apache then.

@fzipi
Member

fzipi commented Sep 20, 2025

Last ask @frankenbubble: can you sign your commits and amend this PR? Commits must have verified signatures.

@fzipi
Member

fzipi commented Oct 3, 2025

ping @frankenbubble

@frankenbubble frankenbubble force-pushed the feature/configurable-remoteip-header branch from cb251ec to 79f53f4 Compare October 13, 2025 19:14
- Add REMOTEIP_HEADER environment variable with X-Forwarded-For default
- Replace hardcoded RemoteIPHeader with ${REMOTEIP_HEADER} variable
- Update both regular and Alpine Dockerfiles
- Add documentation to README.md
- Maintains backward compatibility while allowing custom headers
- Enables CloudFront/proxy setups to use alternative header sources
@frankenbubble frankenbubble force-pushed the feature/configurable-remoteip-header branch from 79f53f4 to a3747b3 Compare October 13, 2025 19:24
@fzipi fzipi merged commit 80c00f8 into coreruleset:main Oct 16, 2025
15 of 18 checks passed
@theseion theseion added the enhancement New feature or request label Oct 18, 2025
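
Added example, not code from this PR or from the project: a simplified Python model of how a reverse proxy resolves the client address from a forwarded-for style header (the kind of header named by `REMOTEIP_HEADER` / `REAL_IP_HEADER`), showing why the choice of header is tied to the trusted proxy list. The function names and all addresses are constructed for illustration; this is the general right-to-left algorithm, not Apache's or nginx's implementation.

```python
import ipaddress


def naive_leftmost(header_value):
    """Unsafe baseline: take the first entry, which the client fully controls."""
    return header_value.split(",")[0].strip()


def resolve_client_ip(peer_ip, header_value, trusted_proxies):
    """Resolve the client address from a comma separated forwarded-for header.

    peer_ip         -- address of the TCP peer that connected to us
    header_value    -- raw header value, or None when the header is absent
    trusted_proxies -- CIDR strings for proxies allowed to supply the header
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in trusted_proxies]

    def trusted(ip):
        # Membership is False when the address and network versions differ.
        return any(ip in n for n in nets)

    current = ipaddress.ip_address(peer_ip)
    # A header sent by an untrusted peer is ignored entirely.
    if not header_value or not trusted(current):
        return str(current)

    hops = [h.strip() for h in header_value.split(",") if h.strip()]
    # Walk right to left: the rightmost entry was appended by the proxy
    # closest to us; stop at the first address that is not a trusted proxy.
    for hop in reversed(hops):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        current = candidate
        if not trusted(current):
            break
    return str(current)


# Constructed sample: the client sent "203.0.113.7" itself, and the trusted
# proxy at 10.0.0.5 appended the address it actually saw (198.51.100.9).
SPOOFED = "203.0.113.7, 198.51.100.9"
TRUSTED = ["10.0.0.0/8"]
```

With `SPOOFED`, `naive_leftmost` returns the client-supplied value while `resolve_client_ip("10.0.0.5", SPOOFED, TRUSTED)` returns the address the trusted proxy recorded; the result is only as good as the trusted list, which is the maintenance burden the PR description refers to.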