Don't you have this:

Client->HTTP::Proxy 10.0.0.50->Apache 10.0.0.50->Application
[download]

The connection is from 10.0.0.50. mod_extract_forwarded fixes that problem.

I have the proxy at localhost:1081, using the proxy setting in the browser.

I should post the code to my proxy:

#!/usr/bin/perl
##
## live-test-proxy.pl
##
use strict;
use warnings;

my $port = 1081;
my $file = './http-proxy-recording.pl';

use HTTP::Proxy;
use HTTP::Recorder;

# create a new HTTP::Recorder object
my $agent = HTTP::Recorder->new(file => $file);

# create proxy and configure
my $proxy = HTTP::Proxy->new();
$proxy->port($port);
$proxy->agent( $agent );                 # set HTTP::Recorder as the a
+gent for the proxy
$proxy->x_forwarded_for(0);
$proxy->push_filter(
  host    => 'ceverett.medbanner.com',
  path    => '/cgi-bin/',
  request => EngineTestFilter->new(),
);

# start the proxy
$proxy->start();

package EngineTestFilter;
use base qw/HTTP::Proxy::HeaderFilter/;

use strict;
use warnings;
use Data::Dumper;

sub filter {
  my ($self, $headers, $request) = @_;

  my $uri = $request->uri();
  my ($location, $query) = split(/\?/, $uri);

  my %params = map { split /=/ } map { split /&/ } $query;

  $request->uri($location  .'?'.join('&', map { "$_=$params{$_}" } qw/
+a s/));
  $headers->header(Referer => $params{referer});
  $headers->remove_header('X-Forwarded-For');
  $headers->header('X-Forwarded-For' => $params{remote_ip});
}

1;
[download]

This proxy is making the connection to Apache. As such its IP is the remote_ip as far as Apache is concerned. See mod_extract_forwarded link that explains this and how to get Apache to accept the first non truscted proxy in the X-Forwarded-For list as the remote_ip.

cheers

tachyon