ASF Bugzilla – Attachment 21410 Details for
Bug 19188
ProxyPass'ing to HTTPS server via proxy does not work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for Apache 2.2.8
patch_19188.txt (text/plain), 4.57 KB, created by
Philippe Dutrueux
on 2008-01-22 02:55:31 UTC
(
hide
)
Description:
Patch for Apache 2.2.8
Filename:
MIME Type:
Creator:
Philippe Dutrueux
Created:
2008-01-22 02:55:31 UTC
Size:
4.57 KB
patch
obsolete
>diff -ru httpd-2.2.8/modules/proxy/mod_proxy.h httpd-2.2.8.new/modules/proxy/mod_proxy.h >--- httpd-2.2.8/modules/proxy/mod_proxy.h 2008-01-02 20:25:08.000000000 +0100 >+++ httpd-2.2.8.new/modules/proxy/mod_proxy.h 2008-01-22 12:04:55.000000000 +0100 >@@ -231,6 +231,18 @@ > #if APR_HAS_THREADS > int inreslist; /* connection in apr_reslist? */ > #endif >+ >+ /* Does use the HTTP connect method to connect to the web server ? */ >+ int does_use_http_connect ; >+ /* >+ * When connecting to a HTTPS web server via a forward proxy, the previous >+ * host name and port are for forward proxy. >+ * The following fields are for web server >+ */ >+ char *web_server_host_name ; >+ apr_port_t web_server_port ; >+ /* Proxy authorization used when using the HTTP CONNECT method */ >+ const char *proxy_authorization ; > } proxy_conn_rec; > > typedef struct { >diff -ru httpd-2.2.8/modules/proxy/proxy_util.c httpd-2.2.8.new/modules/proxy/proxy_util.c >--- httpd-2.2.8/modules/proxy/proxy_util.c 2007-10-07 14:29:36.000000000 +0200 >+++ httpd-2.2.8.new/modules/proxy/proxy_util.c 2008-01-22 12:05:10.000000000 +0100 >@@ -1945,6 +1945,21 @@ > if (proxyname) { > conn->hostname = apr_pstrdup(conn->pool, proxyname); > conn->port = proxyport; >+ if (strcmp(uri->scheme, "https") == 0) { >+ const char *proxy_auth ; >+ >+ conn->does_use_http_connect = 1; >+ conn->web_server_host_name = apr_pstrdup(conn->pool, >+ uri->hostname) ; >+ conn->web_server_port = uri->port; >+ /* Extract proxy authorization from the current request */ >+ proxy_auth = apr_table_get(r->headers_in, >+ "Proxy-Authorization") ; >+ if (proxy_auth != NULL && proxy_auth[0] != '\0') { >+ conn->proxy_authorization = apr_pstrdup(conn->pool, >+ proxy_auth) ; >+ } >+ } > } > else { > conn->hostname = apr_pstrdup(conn->pool, uri->hostname); >@@ -2086,6 +2101,67 @@ > } > #endif /* USE_ALTERNATE_IS_CONNECTED */ > >+ >+static >+apr_status_t send_http_connect(proxy_conn_rec *backend, server_rec *s) >+{ >+ int status ; >+ apr_size_t nbytes ; >+ char buffer[HUGE_STRING_LEN]; >+ int len = 0 ; >+ >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, >+ "proxy: CONNECT: sending the CONNECT request to the remote proxy"); >+ nbytes = apr_snprintf(buffer, sizeof(buffer), >+ "CONNECT %s:%d HTTP/1.0" CRLF, >+ backend->web_server_host_name, backend->web_server_port); >+ /* Add proxy authorization from the initial request if necessary */ >+ if (backend->proxy_authorization != NULL) { >+ nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes, >+ "Proxy-Authorization: %s" CRLF, backend->proxy_authorization) ; >+ } >+ nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes, >+ "Proxy-agent: %s" CRLF CRLF, ap_get_server_version()); >+ apr_socket_send(backend->sock, buffer, &nbytes); >+ >+ nbytes = sizeof(buffer) - 1 ; >+ status = apr_socket_recv(backend->sock, buffer, &nbytes) ; >+ while (status == APR_SUCCESS) { >+ len += nbytes ; >+ buffer[len] = '\0' ; >+ if (strstr(buffer, "\r\n\r\n") != NULL) { >+ break ; >+ } >+ nbytes = sizeof(buffer) - 1 - len ; >+ status = apr_socket_recv(backend->sock, buffer + len, &nbytes) ; >+ } >+ >+ if (status == APR_SUCCESS) { >+ int major, minor; >+ char code_str[10] ; >+ >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, >+ "send_http_connect: response from the forward proxy: %s", >+ buffer) ; >+ >+ /* Extract the returned code */ >+ if (sscanf(buffer, "HTTP/%u.%u %s", &major, &minor, code_str) == 3) { >+ status = atoi(code_str) ; >+ if (status == HTTP_OK) { >+ status = APR_SUCCESS ; >+ } >+ else { >+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, >+ "send_http_connect: the forward proxy returned code is %s", >+ code_str) ; >+ } >+ } >+ } >+ >+ return(status) ; >+} >+ >+ > PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, > proxy_conn_rec *conn, > proxy_worker *worker, >@@ -2190,6 +2266,21 @@ > } > > conn->sock = newsock; >+ >+ if (conn->does_use_http_connect) { >+ rv = send_http_connect(conn, s) ; >+ if (rv != APR_SUCCESS) { >+ conn->sock = NULL; >+ apr_socket_close(newsock); >+ loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR; >+ ap_log_error(APLOG_MARK, loglevel, rv, s, >+ "proxy: %s: attempt to connect to %pI (%s) failed", >+ proxy_function, backend_addr, worker->hostname); >+ backend_addr = backend_addr->next; >+ continue; >+ } >+ } >+ > connected = 1; > } > /*
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 19188
:
11552
|
21410
|
24975