|
Lines 44-49
typedef struct {
Link Here
|
| 44 |
* from the proxy-via IP header value list) |
44 |
* from the proxy-via IP header value list) |
| 45 |
*/ |
45 |
*/ |
| 46 |
const char *proxies_header_name; |
46 |
const char *proxies_header_name; |
|
|
47 |
/** A header that may indicate user is using a |
| 48 |
* HTTPS connection to the reverse-proxy, and |
| 49 |
* the value that it must match for it to do so. |
| 50 |
*/ |
| 51 |
const char *secure_header_name; |
| 52 |
const char *secure_header_value; |
| 47 |
/** A list of trusted proxies, ideally configured |
53 |
/** A list of trusted proxies, ideally configured |
| 48 |
* with the most commonly encountered listed first |
54 |
* with the most commonly encountered listed first |
| 49 |
*/ |
55 |
*/ |
|
Lines 85-90
static void *merge_remoteip_server_config(apr_pool_t *p, void *globalv,
Link Here
|
| 85 |
config->proxymatch_ip = server->proxymatch_ip |
91 |
config->proxymatch_ip = server->proxymatch_ip |
| 86 |
? server->proxymatch_ip |
92 |
? server->proxymatch_ip |
| 87 |
: global->proxymatch_ip; |
93 |
: global->proxymatch_ip; |
|
|
94 |
config->secure_header_name = server->secure_header_name |
| 95 |
? server->secure_header_name |
| 96 |
: global->secure_header_name; |
| 97 |
config->secure_header_value = server->secure_header_value |
| 98 |
? server->secure_header_value |
| 99 |
: global->secure_header_value; |
| 88 |
return config; |
100 |
return config; |
| 89 |
} |
101 |
} |
| 90 |
|
102 |
|
|
Lines 106-111
static const char *proxies_header_name_set(cmd_parms *cmd, void *dummy,
Link Here
|
| 106 |
return NULL; |
118 |
return NULL; |
| 107 |
} |
119 |
} |
| 108 |
|
120 |
|
|
|
121 |
static const char *secure_header_set(cmd_parms *cmd, void *dummy, |
| 122 |
const char *name, const char *value) |
| 123 |
{ |
| 124 |
remoteip_config_t *config = ap_get_module_config(cmd->server->module_config, |
| 125 |
&remoteip_module); |
| 126 |
config->secure_header_name = name; |
| 127 |
config->secure_header_value = value; |
| 128 |
return NULL; |
| 129 |
} |
| 130 |
|
| 109 |
/* Would be quite nice if APR exported this */ |
131 |
/* Would be quite nice if APR exported this */ |
| 110 |
/* apr:network_io/unix/sockaddr.c */ |
132 |
/* apr:network_io/unix/sockaddr.c */ |
| 111 |
static int looks_like_ip(const char *ipstr) |
133 |
static int looks_like_ip(const char *ipstr) |
|
Lines 229-234
static int remoteip_modify_request(request_rec *r)
Link Here
|
| 229 |
char *proxy_ips = NULL; |
251 |
char *proxy_ips = NULL; |
| 230 |
char *parse_remote; |
252 |
char *parse_remote; |
| 231 |
char *eos; |
253 |
char *eos; |
|
|
254 |
char *secure = NULL; |
| 232 |
unsigned char *addrbyte; |
255 |
unsigned char *addrbyte; |
| 233 |
|
256 |
|
| 234 |
/* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy |
257 |
/* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy |
|
Lines 394-399
static int remoteip_modify_request(request_rec *r)
Link Here
|
| 394 |
return OK; |
417 |
return OK; |
| 395 |
} |
418 |
} |
| 396 |
|
419 |
|
|
|
420 |
if (config->secure_header_name) { |
| 421 |
secure = (char *) apr_table_get(r->headers_in, config->secure_header_name); |
| 422 |
} |
| 423 |
|
| 424 |
if (secure) { |
| 425 |
if (!strcmp(secure, config->secure_header_value)) { |
| 426 |
apr_table_setn(r->subprocess_env, "HTTPS", "on"); |
| 427 |
} |
| 428 |
/* Header is available. Unset even if no match. */ |
| 429 |
apr_table_unset(r->headers_in, config->secure_header_name); |
| 430 |
} |
| 431 |
else { |
| 432 |
secure = NULL; |
| 433 |
} |
| 434 |
|
| 397 |
req->proxied_remote = remote; |
435 |
req->proxied_remote = remote; |
| 398 |
req->proxy_ips = proxy_ips; |
436 |
req->proxy_ips = proxy_ips; |
| 399 |
|
437 |
|
|
Lines 417-425
static int remoteip_modify_request(request_rec *r)
Link Here
|
| 417 |
|
455 |
|
| 418 |
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, |
456 |
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, |
| 419 |
req->proxy_ips |
457 |
req->proxy_ips |
| 420 |
? "Using %s as client's IP by proxies %s" |
458 |
? "Using %s as client's IP by %s proxies %s via" |
| 421 |
: "Using %s as client's IP by internal proxies%s", |
459 |
: "Using %s as client's IP by %s internal proxies%s", |
| 422 |
req->useragent_ip, |
460 |
req->useragent_ip, |
|
|
461 |
secure ? "HTTPS" : "HTTP", |
| 423 |
(req->proxy_ips ? req->proxy_ips : "")); |
462 |
(req->proxy_ips ? req->proxy_ips : "")); |
| 424 |
return OK; |
463 |
return OK; |
| 425 |
} |
464 |
} |
|
Lines 447-452
static const command_rec remoteip_cmds[] =
Link Here
|
| 447 |
RSRC_CONF | EXEC_ON_READ, |
486 |
RSRC_CONF | EXEC_ON_READ, |
| 448 |
"The filename to read the list of internal proxies, " |
487 |
"The filename to read the list of internal proxies, " |
| 449 |
"see the RemoteIPInternalProxy directive"), |
488 |
"see the RemoteIPInternalProxy directive"), |
|
|
489 |
AP_INIT_TAKE2("SecureIndicatorHeader", secure_header_set, NULL, RSRC_CONF, |
| 490 |
"Specifies a request header and value that indicates a secure connection, " |
| 491 |
"e.g. \"X-Forwarded-Proto https\" or \"X-Secure-Connection on\""), |
| 450 |
{ NULL } |
492 |
{ NULL } |
| 451 |
}; |
493 |
}; |
| 452 |
|
494 |
|