ASF Bugzilla – Attachment 34495 Details for
Bug 59829
Detect HTTPS marker from reverse proxy
[patch]
like previous patch, but also setting r->server->port for correct redirections
mod_remoteip.patch (text/plain), 4.66 KB, created by
Peter H.
on 2016-12-01 13:57:32 UTC
Description:
like previous patch, but also setting r->server->port for correct redirections
Filename:
MIME Type:
Creator:
Peter H.
Created:
2016-12-01 13:57:32 UTC
Size:
4.66 KB
>--- mod_remoteip.c
>+++ mod_remoteip.c
>@@ -44,10 +44,18 @@
> * from the proxy-via IP header value list)
> */
> const char *proxies_header_name;
>+ /** A header that may indicate user is using a
>+ * HTTPS connection to the reverse-proxy, and
>+ * the value that it must match for it to do so.
>+ */
>+ const char *secure_header_name;
>+ const char *secure_header_value;
> /** A list of trusted proxies, ideally configured
> * with the most commonly encountered listed first
> */
> apr_array_header_t *proxymatch_ip;
>+ /** Port to use if secure header is set */
>+ const char *secure_port;
> } remoteip_config_t;
>
> typedef struct {
>@@ -65,6 +73,7 @@
> /* config->header_name = NULL;
> * config->proxies_header_name = NULL;
> */
>+ config->secure_port="443"; /* Set default value */
> return config;
> }
>
>@@ -85,6 +94,16 @@
> config->proxymatch_ip = server->proxymatch_ip
> ? server->proxymatch_ip
> : global->proxymatch_ip;
>+ config->secure_header_name = server->secure_header_name
>+ ? server->secure_header_name
>+ : global->secure_header_name;
>+ config->secure_header_value = server->secure_header_value
>+ ? server->secure_header_value
>+ : global->secure_header_value;
>+ config->secure_port = server->secure_port
>+ ? server->secure_port
>+ : global->secure_port;
>+
> return config;
> }
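Review bot: Initialising `config->secure_port="443";` in the config-creation function defeats the inheritance added in the `@@ -85,6 +94,16 @@` hunk. Every per-server config then starts with a non-NULL port, so `server->secure_port ? server->secure_port : global->secure_port` always selects the server value, and a `SecureIndicatorSSLPort` set in the main server never reaches a virtual host that does not repeat the directive. I would leave the field NULL here, as the commented-out lines just above do for the header names, and apply the default where the value is read, e.g. `const char *port = config->secure_port ? config->secure_port : "443";`. Both function bodies start outside their hunks, so this assumes the create function is also what builds the per-virtual-host config.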
>
>@@ -106,6 +125,25 @@
> return NULL;
> }
>
>+static const char *secure_header_set(cmd_parms *cmd, void *dummy,
>+ const char *name, const char *value)
>+{
>+ remoteip_config_t *config = ap_get_module_config(cmd->server->module_config,
>+ &remoteip_module);
>+ config->secure_header_name = name;
>+ config->secure_header_value = value;
>+ return NULL;
>+}
>+
>+static const char *secure_port_set(cmd_parms *cmd, void *dummy, const char *value)
>+{
>+ remoteip_config_t *config = ap_get_module_config(cmd->server->module_config,
>+ &remoteip_module);
>+ config->secure_port = value;
>+ return NULL;
>+}
>+
>+
> /* Would be quite nice if APR exported this */
> /* apr:network_io/unix/sockaddr.c */
> static int looks_like_ip(const char *ipstr)
>@@ -229,6 +267,7 @@
> char *proxy_ips = NULL;
> char *parse_remote;
> char *eos;
>+ char *secure = NULL;
> unsigned char *addrbyte;
>
> /* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy
>@@ -394,6 +433,25 @@
> return OK;
> }
>
>+ if (config->secure_header_name) {
>+ secure = (char *) apr_table_get(r->headers_in, config->secure_header_name);
>+ }
>+
>+ if (secure) {
>+
>+ if (!strcmp(secure, config->secure_header_value)) {
>+ apr_table_setn(r->subprocess_env, "HTTPS", "on");
>+ r->server->server_scheme = config->secure_header_value;
>+ apr_table_set(r->subprocess_env, "SERVER_PORT", config->secure_port);
>+ r->server->port = atoi(config->secure_port);
>+ }
>+ /* Header is available. Unset even if no match. */
>+ apr_table_unset(r->headers_in, config->secure_header_name);
>+ }
>+ else {
>+ secure = NULL;
>+ }
>+
> req->proxied_remote = remote;
> req->proxy_ips = proxy_ips;
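Review bot: `secure_port_set` stores the directive argument unchecked, and the `@@ -394,6 +433,25 @@` hunk later passes it to `atoi` on every request. A value such as `SecureIndicatorSSLPort abc` or an out-of-range number is therefore accepted at startup and only turns into port 0 or an unspecified value at request time. The handler should reject a bad value when the configuration is parsed by returning an error string, as sketched below. Both new handlers would also read better with a one-line comment naming the directive they implement.

```c
static const char *secure_port_set(cmd_parms *cmd, void *dummy, const char *value)
{
    char *end;
    long port;

    errno = 0;
    port = strtol(value, &end, 10);
    if (errno || end == value || *end != '\0' || port < 1 || port > 65535) {
        return "SecureIndicatorSSLPort must be a port number between 1 and 65535";
    }
    /* … unchanged: ap_get_module_config lookup, config->secure_port = value, return NULL … */
```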
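Review bot: `char *secure = NULL;` should be `const char *secure = NULL;`, because `apr_table_get` returns a `const char *` and the value is only compared, never modified. That also removes the need for the `(char *)` cast in the `@@ -394,6 +433,25 @@` hunk, which exists only to discard the qualifier. The declaration sits in a function whose start and end are outside this hunk.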
>
>@@ -417,9 +475,10 @@
>
> ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
> req->proxy_ips
>- ? "Using %s as client's IP by proxies %s"
>- : "Using %s as client's IP by internal proxies%s",
>+ ? "Using %s as client's IP by %s proxies %s via"
>+ : "Using %s as client's IP by %s internal proxies%s",
> req->useragent_ip,
>+ secure ? "HTTPS" : "HTTP",
> (req->proxy_ips ? req->proxy_ips : ""));
> return OK;
> }
>@@ -447,6 +506,12 @@
> RSRC_CONF | EXEC_ON_READ,
> "The filename to read the list of internal proxies, "
> "see the RemoteIPInternalProxy directive"),
>+ AP_INIT_TAKE2("SecureIndicatorHeader", secure_header_set, NULL, RSRC_CONF,
>+ "Specifies a request header and value that indicates a secure connection, "
>+ "e.g. \"X-Forwarded-Proto https\" or \"X-Secure-Connection on\""),
>+ AP_INIT_TAKE1("SecureIndicatorSSLPort", secure_port_set, NULL, RSRC_CONF,
>+ "Port to be used for redirections if SecureIndicatorHeader is set, "
>+ "Default is \"SecureInidcatorSSLPort 443\" "),
> { NULL }
> };
>
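Review bot: The assignments `r->server->server_scheme = config->secure_header_value;` and `r->server->port = atoi(config->secure_port);` write to the server_rec, which is shared by every request for that virtual host and not owned by this request. One matching request would leave the scheme and port changed for later requests that did not carry the header, and the unsynchronised write looks unsafe under a threaded MPM. The scheme is also set to the configured header value, which with the documented example `X-Secure-Connection on` would be `on` rather than `https`. I would drop both assignments, keep the decision in per-request state (for example an entry in `r->notes`), and report the scheme from an `ap_hook_http_scheme` handler the way mod_ssl does. The enclosing function starts outside the hunk, so please confirm this block is reached only after the connecting peer matched a configured trusted proxy; otherwise any client could supply the header itself.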
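Review bot: `secure ? "HTTPS" : "HTTP"` tests the pointer returned by `apr_table_get`, which the `@@ -394,6 +433,25 @@` hunk leaves non-NULL whenever the header is present. The trace line therefore reports HTTPS even when the value did not match; the `else { secure = NULL; }` branch in that hunk only runs when the pointer is already NULL. Clearing it on mismatch, e.g. an `else secure = NULL;` on the `strcmp` test, or logging from a separate flag would keep the log truthful. The trailing ` via` in the first format string also looks like a leftover and makes the message read oddly.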
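Review bot: The help text for `SecureIndicatorSSLPort` misspells the directive as `SecureInidcatorSSLPort` and ends with a stray space before the closing quote. Suggested wording: `"Default is \"SecureIndicatorSSLPort 443\""`. The `SecureIndicatorHeader` help text could also say that the header is removed from the request after it is evaluated, which the `@@ -394,6 +433,25 @@` hunk does via `apr_table_unset`.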