Lines 44-49
typedef struct {
|
44 |
* from the proxy-via IP header value list) |
44 |
* from the proxy-via IP header value list) |
45 |
*/ |
45 |
*/ |
46 |
const char *proxies_header_name; |
46 |
const char *proxies_header_name; |
|
|
47 |
/** A header that may indicate user is using a |
48 |
* HTTPS connection to the reverse-proxy, and |
49 |
* the value that it must match for it to do so. |
50 |
*/ |
51 |
const char *secure_header_name; |
52 |
const char *secure_header_value; |
47 |
/** A list of trusted proxies, ideally configured |
53 |
/** A list of trusted proxies, ideally configured |
48 |
* with the most commonly encountered listed first |
54 |
* with the most commonly encountered listed first |
49 |
*/ |
55 |
*/ |
Lines 85-90
static void *merge_remoteip_server_config(apr_pool_t *p, void *globalv,
|
85 |
config->proxymatch_ip = server->proxymatch_ip |
91 |
config->proxymatch_ip = server->proxymatch_ip |
86 |
? server->proxymatch_ip |
92 |
? server->proxymatch_ip |
87 |
: global->proxymatch_ip; |
93 |
: global->proxymatch_ip; |
|
|
94 |
config->secure_header_name = server->secure_header_name |
95 |
? server->secure_header_name |
96 |
: global->secure_header_name; |
97 |
config->secure_header_value = server->secure_header_value |
98 |
? server->secure_header_value |
99 |
: global->secure_header_value; |
88 |
return config; |
100 |
return config; |
89 |
} |
101 |
} |
90 |
|
102 |
|
Lines 106-111
static const char *proxies_header_name_set(cmd_parms *cmd, void *dummy,
|
106 |
return NULL; |
118 |
return NULL; |
107 |
} |
119 |
} |
108 |
|
120 |
|
|
|
121 |
static const char *secure_header_set(cmd_parms *cmd, void *dummy, |
122 |
const char *name, const char *value) |
123 |
{ |
124 |
remoteip_config_t *config = ap_get_module_config(cmd->server->module_config, |
125 |
&remoteip_module); |
126 |
config->secure_header_name = name; |
127 |
config->secure_header_value = value; |
128 |
return NULL; |
129 |
} |
130 |
|
109 |
/* Would be quite nice if APR exported this */ |
131 |
/* Would be quite nice if APR exported this */ |
110 |
/* apr:network_io/unix/sockaddr.c */ |
132 |
/* apr:network_io/unix/sockaddr.c */ |
111 |
static int looks_like_ip(const char *ipstr) |
133 |
static int looks_like_ip(const char *ipstr) |
Lines 229-234
static int remoteip_modify_request(request_rec *r)
|
229 |
char *proxy_ips = NULL; |
251 |
char *proxy_ips = NULL; |
230 |
char *parse_remote; |
252 |
char *parse_remote; |
231 |
char *eos; |
253 |
char *eos; |
|
|
254 |
char *secure = NULL; |
232 |
unsigned char *addrbyte; |
255 |
unsigned char *addrbyte; |
233 |
|
256 |
|
234 |
/* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy |
257 |
/* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy |
Lines 394-399
static int remoteip_modify_request(request_rec *r)
|
394 |
return OK; |
417 |
return OK; |
395 |
} |
418 |
} |
396 |
|
419 |
|
|
|
420 |
if (config->secure_header_name) { |
421 |
secure = (char *) apr_table_get(r->headers_in, config->secure_header_name); |
422 |
} |
423 |
|
424 |
if (secure) { |
425 |
if (!strcmp(secure, config->secure_header_value)) { |
426 |
apr_table_setn(r->subprocess_env, "HTTPS", "on"); |
427 |
} |
428 |
/* Header is available. Unset even if no match. */ |
429 |
apr_table_unset(r->headers_in, config->secure_header_name); |
430 |
} |
431 |
else { |
432 |
secure = NULL; |
433 |
} |
434 |
|
397 |
req->proxied_remote = remote; |
435 |
req->proxied_remote = remote; |
398 |
req->proxy_ips = proxy_ips; |
436 |
req->proxy_ips = proxy_ips; |
399 |
|
437 |
|
Lines 417-425
static int remoteip_modify_request(request_rec *r)
|
417 |
|
455 |
|
418 |
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, |
456 |
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, |
419 |
req->proxy_ips |
457 |
req->proxy_ips |
420 |
? "Using %s as client's IP by proxies %s" |
458 |
? "Using %s as client's IP by %s proxies %s via" |
421 |
: "Using %s as client's IP by internal proxies%s", |
459 |
: "Using %s as client's IP by %s internal proxies%s", |
422 |
req->useragent_ip, |
460 |
req->useragent_ip, |
|
|
461 |
secure ? "HTTPS" : "HTTP", |
423 |
(req->proxy_ips ? req->proxy_ips : "")); |
462 |
(req->proxy_ips ? req->proxy_ips : "")); |
424 |
return OK; |
463 |
return OK; |
425 |
} |
464 |
} |
Lines 447-452
static const command_rec remoteip_cmds[] =
|
447 |
RSRC_CONF | EXEC_ON_READ, |
486 |
RSRC_CONF | EXEC_ON_READ, |
448 |
"The filename to read the list of internal proxies, " |
487 |
"The filename to read the list of internal proxies, " |
449 |
"see the RemoteIPInternalProxy directive"), |
488 |
"see the RemoteIPInternalProxy directive"), |
|
|
489 |
AP_INIT_TAKE2("SecureIndicatorHeader", secure_header_set, NULL, RSRC_CONF, |
490 |
"Specifies a request header and value that indicates a secure connection, " |
491 |
"e.g. \"X-Forwarded-Proto https\" or \"X-Secure-Connection on\""), |
450 |
{ NULL } |
492 |
{ NULL } |
451 |
}; |
493 |
}; |
452 |
|
494 |
|
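Review bot: In `remoteip_modify_request` (new lines 424-433), `secure` stays non-NULL whenever the configured header is present, even when `strcmp` does not match, so the trace message at new line 461 prints `HTTPS` for a request that never got `HTTPS=on`; the `else { secure = NULL; }` at new lines 431-433 is a no-op because `secure` is already NULL on that path. I would attach the reset to the comparison instead, i.e. give the `strcmp` test its own `else { secure = NULL; }` and keep `apr_table_unset(r->headers_in, config->secure_header_name);` unconditional inside `if (secure)`. The block sits after the `return OK;` at new line 417, so the header appears to be honoured only once the proxy checks earlier in the function have passed, but it also appears to be stripped only on that path; the rest of the function is outside these hunks, so please confirm that a client-supplied copy of the header cannot reach later handlers unstripped when the function returns early. `strcmp` is case-sensitive, so a proxy sending `HTTPS` will not match a configured `https`; either compare with `strcasecmp` or state the exact-match rule in the directive help text at new line 490.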