
Bugfix: wrong remote_addr is set.

1 parent 891ab76 commit 345365cc4d37b9369a3495ba49ac55a1061dc8f8 @invalid-email-address invalid-email-address committed Feb 16, 2016
Showing with 97 additions and 53 deletions.
  1. +0 −48 README
  2. +55 −0 README.md
  3. +42 −5 mod_rpaf-2.0.c
@@ -1,48 +0,0 @@
-## mod_rpaf - reverse proxy add forward
-
-This module gets values of host and remote address from an reverse proxy,
-sets host and remote addresss to httpd.
-This module was originally written by Thomas Eibner <thomas@stderr.net>.
-
-The differences from the original module are:
-* Feature: Support for partial IP address as '10.1.' for RPAFproxy_ips. The author of this patch is unknown.
-* Feature: Recursive ip extraction with RPAFrecursive directive.
-* Bugfix: In the case of APR_HAVE_IPV6-enabled build, access control of Order/Allow/Deny does not work correctly.
-* Support of httpd 1.3 was deleted.
-
-## Compile and Install
-
- apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
-or simply try:
- make; make install
-
-## Configuration Directives
-
- RPAFenable On
- # Enable reverse proxy add forward
- RPAFproxy_ips 127.0.0.1 10.0.0.1 172.16. 192.168.
- # which ips are forwarding requests to us
- RPAFsethostname On
- # let rpaf update vhost settings
- # allows to have the same hostnames as in the "real"
- # configuration for the forwarding Apache
- RPAFheader X-Forwarded-For
- # Allows you to change which header mod_rpaf looks
- # for when trying to find the ip the that is forwarding
- # our requests
- RPAFrecursive On
- # If recursive search is disabled, remote address is replaced by the
- # last address in RPAFheader directive. If recursive search is
- # enabled, remote address is replaced by the last non-trusted address
- # in RPAFheader directive.
-
-## Author
-* Thomas Eibner <thomas@stderr.net>
-* Takashi Takizawa <taki@cyber.email.ne.jp>
-
-## License
-This software is licensed under the [Apache License](http://www.apache.org/licenses/LICENSE).
-
-## Distribution
-Latest version available from https://github.com/ttkzw/mod_rpaf-0.6
-
@@ -0,0 +1,55 @@
+## mod_rpaf - reverse proxy add forward
+
+This module gets values of host and remote address from an reverse proxy,
+sets host and remote addresss to httpd.
+This module was originally written by Thomas Eibner <thomas@stderr.net>.
+
+The differences from the original module are:
+* Feature: Support for partial IP address as '10.1.' for RPAFproxy_ips. The author of this patch is unknown.
+* Feature: Recursive ip extraction with RPAFrecursive directive.
+* Bugfix: In the case of APR_HAVE_IPV6-enabled build, access control of Order/Allow/Deny does not work correctly.
+* Bugfix: A wrong remote_addr is set.
+* Support of httpd 1.3 was deleted.
+
+## Compile and Install
+
+```
+apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
+or simply try:
+make; make install
+```
+
+## Configuration Directives
+
+```
+RPAFenable On
+# Enable reverse proxy add forward
+RPAFproxy_ips 127.0.0.1 10.0.0.1 172.16. 192.168.
+# which ips are forwarding requests to us
+RPAFsethostname On
+# let rpaf update vhost settings
+# allows to have the same hostnames as in the "real"
+# configuration for the forwarding Apache
+RPAFheader X-Forwarded-For
+# Allows you to change which header mod_rpaf looks
+# for when trying to find the ip the that is forwarding
+# our requests
+RPAFrecursive On
+# If recursive search is disabled, remote address is replaced by the
+# last address in RPAFheader directive. If recursive search is
+# enabled, remote address is replaced by the last non-trusted address
+# in RPAFheader directive.
+```
+
+## Author
+
+* Thomas Eibner <thomas@stderr.net> (The original author)
+* Takashi Takizawa <taki@cyber.email.ne.jp>
+* Taiki Sugawara <buzz.taiki@gmail.com> (RPAFrecursive)
+* Geoffrey McRae <gnif@xbmc.org> (rpaf_looks_like_ip() and the related code were ported from https://github.com/gnif/mod_rpaf )
+
+## License
+This software is licensed under the [Apache License](http://www.apache.org/licenses/LICENSE).
+
+## Distribution
+Latest version available from https://github.com/ttkzw/mod_rpaf-0.6
@@ -72,6 +72,7 @@
#include "http_vhost.h"
#include "apr_strings.h"
#include "arpa/inet.h"
+#include <ctype.h> // isspace
module AP_MODULE_DECLARE_DATA rpaf_module;
@@ -101,6 +102,33 @@ static void *rpaf_create_server_cfg(apr_pool_t *p, server_rec *s) {
return (void *)cfg;
}
+/* It was ported from https://github.com/gnif/mod_rpaf */
+/* quick check for ipv4/6 likelihood; similar to Apache2.4 mod_remoteip check */
+static int rpaf_looks_like_ip(const char *ip) {
+ static const char ipv4_set[] = "0123456789./";
+ static const char ipv6_set[] = "0123456789abcdef:/.";
+
+ /* zero length value is not valid */
+ if (!*ip)
+ return 0;
+
+ const char *ptr = ip;
+
+ /* determine if this could be a IPv6 or IPv4 address */
+ if (strchr(ip, ':'))
+ {
+ while(*ptr && strchr(ipv6_set, *ptr) != NULL)
+ ++ptr;
+ }
+ else
+ {
+ while(*ptr && strchr(ipv4_set, *ptr) != NULL)
+ ++ptr;
+ }
+
+ return (*ptr == '\0');
+}
+
static const char *rpaf_set_proxy_ip(cmd_parms *cmd, void *dummy, const char *proxy_ip) {
server_rec *s = cmd->server;
rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config,
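Review bot: `rpaf_looks_like_ip()` filters by character set only, and `ipv6_set` lists just lowercase hex digits, so an IPv6 entry written with uppercase digits fails the check while strings such as `...` or `/` pass it. If the intent is to admit only well-formed addresses, either extend the set, `static const char ipv6_set[] = "0123456789abcdefABCDEF:/.";`, or parse the token with `inet_pton()` for `AF_INET` and `AF_INET6` (the file already includes `arpa/inet.h`) and keep the character scan as a pre-filter. A short comment on the function stating that a true return does not mean the string is a valid address would keep later callers from relying on it for access-control decisions. `rpaf_set_proxy_ip()` at the end of the hunk continues outside it.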
@@ -182,6 +210,8 @@ static apr_status_t rpaf_cleanup(void *data) {
static int change_remote_ip(request_rec *r) {
const char *fwdvalue;
+ const char *fwdvalue_temp;
+ int i;
char *val;
rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(r->server->module_config,
&rpaf_module);
@@ -202,12 +232,19 @@ static int change_remote_ip(request_rec *r) {
if (fwdvalue) {
rpaf_cleanup_rec *rcr = (rpaf_cleanup_rec *)apr_pcalloc(r->pool, sizeof(rpaf_cleanup_rec));
- apr_array_header_t *arr = apr_array_make(r->pool, 0, sizeof(char*));
- while (*fwdvalue && (val = ap_get_token(r->pool, &fwdvalue, 1))) {
- *(char **)apr_array_push(arr) = apr_pstrdup(r->pool, val);
- if (*fwdvalue != '\0')
- ++fwdvalue;
+ apr_array_header_t *arr = apr_array_make(r->pool, 4, sizeof(char *));
+
+ fwdvalue_temp = apr_pstrdup(r->pool, fwdvalue);
+ while ((val = strsep((char **)&fwdvalue_temp, ",")) != NULL) {
+ /* strip leading and trailing whitespace */
+ while(isspace(*val))
+ ++val;
+ for (i = strlen(val) - 1; i > 0 && isspace(val[i]); i--)
+ val[i] = '\0';
+ if (rpaf_looks_like_ip(val))
+ *(char **)apr_array_push(arr) = apr_pstrdup(r->pool, val);
}
+
rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->remote_ip);
rcr->old_family = r->connection->remote_addr->sa.sin.sin_family;
rcr->r = r;
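Review bot: `isspace(*val)` and `isspace(val[i])` in the trimming loops receive a plain `char` taken from the forwarded header, which is undefined behaviour for bytes above 0x7f where `char` is signed; cast first, `while (isspace((unsigned char)*val))` and `isspace((unsigned char)val[i])`. The loop also casts away `const` to call `strsep()`; declaring `fwdvalue_temp` as `char *` removes the cast, and `apr_strtok()` would avoid depending on a non-standard function. Because tokens that fail `rpaf_looks_like_ip()` are now skipped, `arr` can end up with no elements; the code that reads `arr` is outside this hunk and should be checked for that case before it indexes the array. `change_remote_ip()` starts and ends outside the hunk.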
