SetEnvIf bug
6 posts
• Page 1 of 1
SetEnvIf bug
We use helicon APE 3.1.0.138
It looks like the SetEnvIf has some kind of bug.
We use this .HTACCESS to overwrite the REMOTE_ADDR with the forwarded user IP (because of a load balancer situation)
RewriteEngine on
# Schrijf en gebruik de juiste headers.
SetEnvIf X-Forwarded-For (.+) REMOTE_ADDR=$1
But once in a while when we read the REMOTE_ADDR in asp the REQUEST.SERVERVARIABLES("REMOTE_ADDR") is filled with "$1" instead of an actual IP address. This is problematic because in some sites we only allow certain IP addresses access. So the behaviour is now that a user gets kicked out of the application once in a while. To test this i wrote the remote_addr to the kickout URL and noticed that it contained "$1". So it seems pretty obvious that APE put the $1 in here, but why does this happen ?
edit: helicon APE is installed on Windows Server 2012 R2 with IIS 8.5
It looks like the SetEnvIf has some kind of bug.
We use this .HTACCESS to overwrite the REMOTE_ADDR with the forwarded user IP (because of a load balancer situation)
RewriteEngine on
# Schrijf en gebruik de juiste headers.
SetEnvIf X-Forwarded-For (.+) REMOTE_ADDR=$1
But once in a while when we read the REMOTE_ADDR in asp the REQUEST.SERVERVARIABLES("REMOTE_ADDR") is filled with "$1" instead of an actual IP address. This is problematic because in some sites we only allow certain IP addresses access. So the behaviour is now that a user gets kicked out of the application once in a while. To test this i wrote the remote_addr to the kickout URL and noticed that it contained "$1". So it seems pretty obvious that APE put the $1 in here, but why does this happen ?
edit: helicon APE is installed on Windows Server 2012 R2 with IIS 8.5
Re: SetEnvIf bug
Hello,
We will check this situation ASAP, but meanwhile could you try to get the error.log records for the request that resulted in $1 staying as a value.
Also, could you look into your application and figure out if it is possible that ASP fires before Ape and thus the value for REMOTE_ADDR is not yet in place.
We will check this situation ASAP, but meanwhile could you try to get the error.log records for the request that resulted in $1 staying as a value.
Also, could you look into your application and figure out if it is possible that ASP fires before Ape and thus the value for REMOTE_ADDR is not yet in place.
Re: SetEnvIf bug
error logging is disabled, because its running on a big webfarm that would generate big log files. Is it possible to do error logging for certain domains only?
If ASP would have fired before APE then it would be a weird coincidence that the local_addr was replaced with the string "$1". I have no clue what other program except for APE would perform such a replace. Can you describe behaviour that would cause APE to do so ?
For example would APE replace it with "$1" if the X-Forwarded-For variabele is not set/available ?
If ASP would have fired before APE then it would be a weird coincidence that the local_addr was replaced with the string "$1". I have no clue what other program except for APE would perform such a replace. Can you describe behaviour that would cause APE to do so ?
For example would APE replace it with "$1" if the X-Forwarded-For variabele is not set/available ?
Re: SetEnvIf bug
Hello,
"For example would APE replace it with "$1" if the X-Forwarded-For variabele is not set/available?"
- this is highly unlikely. This is probably a thought in the wrong direction.
"error logging is disabled, because its running on a big webfarm"
- is there a possibility to try and reproduce this behavior in a test environment? It would also be interesting from the point of recurrence of this abnormal result.
"For example would APE replace it with "$1" if the X-Forwarded-For variabele is not set/available?"
- this is highly unlikely. This is probably a thought in the wrong direction.
"error logging is disabled, because its running on a big webfarm"
- is there a possibility to try and reproduce this behavior in a test environment? It would also be interesting from the point of recurrence of this abnormal result.
Re: SetEnvIf bug
If this is unlikely can you think of any other circumstance in which APE would behave like this ?
unfortunately we don't have a seperate test server in our farm
Is it safe to turn on error handling for just a few minutes even though the webserver handles 1000nds of requests ? Or would it generate so much debugging information it would be impossible to pinpoint a possible bug ?
If it is safe, how can i enable this error logging?
unfortunately we don't have a seperate test server in our farm
Is it safe to turn on error handling for just a few minutes even though the webserver handles 1000nds of requests ? Or would it generate so much debugging information it would be impossible to pinpoint a possible bug ?
If it is safe, how can i enable this error logging?
Re: SetEnvIf bug
Hello,
"Or would it generate so much debugging information it would be impossible to pinpoint a possible bug?"
- yes, it think this is just the case. It would be rather difficult to identify the problem in the loads of data that we might get.
We will try to test on our side, however it would be great if you could also try to achieve the same behavior by creating and testing the site on some no-so-heavily-loaded machine,
"Or would it generate so much debugging information it would be impossible to pinpoint a possible bug?"
- yes, it think this is just the case. It would be rather difficult to identify the problem in the loads of data that we might get.
We will try to test on our side, however it would be great if you could also try to achieve the same behavior by creating and testing the site on some no-so-heavily-loaded machine,
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 19 guests