
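--- a/mod_remoteip.c
+++ b/mod_remoteip.c
@@ -44,10 +44,18 @@
      * from the proxy-via IP header value list)
      */
     const char *proxies_header_name;
+    /** A header that may indicate user is using a
+     * HTTPS connection to the reverse-proxy, and
+     * the value that it must match for it to do so.
+     */
+    const char *secure_header_name;
+    const char *secure_header_value;
     /** A list of trusted proxies, ideally configured
      *  with the most commonly encountered listed first
      */
     apr_array_header_t *proxymatch_ip;
+    /** Port to use if secure header is set */
+    const char *secure_port;
 } remoteip_config_t;
 
 typedef struct {
@@ -65,6 +73,7 @@
     /* config->header_name = NULL;
      * config->proxies_header_name = NULL;
      */
+    config->secure_port="443"; /* Set default value */
     return config;
 }
 
@@ -85,6 +94,16 @@
     config->proxymatch_ip = server->proxymatch_ip
                           ? server->proxymatch_ip
                           : global->proxymatch_ip;
+    config->secure_header_name = server->secure_header_name
+                                ? server->secure_header_name
+                                : global->secure_header_name;
+    config->secure_header_value = server->secure_header_value
+                                ? server->secure_header_value
+                                : global->secure_header_value;
+    config->secure_port = server->secure_port
+                         ? server->secure_port
+                         : global->secure_port;
+    
     return config;
 }
 
@@ -106,6 +125,25 @@
     return NULL;
 }
 
+static const char *secure_header_set(cmd_parms *cmd, void *dummy,
+                                           const char *name, const char *value)
+{
+    remoteip_config_t *config = ap_get_module_config(cmd->server->module_config,
+                                                     &remoteip_module);
+    config->secure_header_name = name;
+    config->secure_header_value = value;
+    return NULL;
+}
+
+static const char *secure_port_set(cmd_parms *cmd, void *dummy, const char *value)
+{
+    remoteip_config_t *config = ap_get_module_config(cmd->server->module_config,
+                                                     &remoteip_module);
+    config->secure_port = value;
+    return NULL;
+}
+
+
 /* Would be quite nice if APR exported this */
 /* apr:network_io/unix/sockaddr.c */
 static int looks_like_ip(const char *ipstr)
@@ -229,6 +267,7 @@
     char *proxy_ips = NULL;
     char *parse_remote;
     char *eos;
+    char *secure = NULL;
     unsigned char *addrbyte;
 
     /* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy
@@ -394,6 +433,25 @@
         return OK;
     }
 
+    if (config->secure_header_name) {
+        secure = (char *) apr_table_get(r->headers_in, config->secure_header_name);
+    }
+
+    if (secure) {
+
+        if (!strcmp(secure, config->secure_header_value)) {
+            apr_table_setn(r->subprocess_env, "HTTPS", "on");
+	    r->server->server_scheme = "https";
+	    apr_table_set(r->subprocess_env, "SERVER_PORT", config->secure_port); 
+            r->server->port = atoi(config->secure_port);
+        }
+        /* Header is available. Unset even if no match. */
+        apr_table_unset(r->headers_in, config->secure_header_name);
+    }
+    else {
+        secure = NULL;
+    }
+
     req->proxied_remote = remote;
     req->proxy_ips = proxy_ips;
 
@@ -417,9 +475,10 @@
 
     ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
                   req->proxy_ips
-                      ? "Using %s as client's IP by proxies %s"
-                      : "Using %s as client's IP by internal proxies%s",
+                      ? "Using %s as client's IP by %s proxies %s via"
+                      : "Using %s as client's IP by %s internal proxies%s",
                   req->useragent_ip,
+                  secure ? "HTTPS" : "HTTP",
                   (req->proxy_ips ? req->proxy_ips : ""));
     return OK;
 }
@@ -447,6 +506,12 @@
                   RSRC_CONF | EXEC_ON_READ,
                   "The filename to read the list of internal proxies, "
                   "see the RemoteIPInternalProxy directive"),
+    AP_INIT_TAKE2("SecureIndicatorHeader", secure_header_set, NULL, RSRC_CONF,
+                  "Specifies a request header and value that indicates a secure connection, "
+                  "e.g. \"X-Forwarded-Proto https\" or \"X-Secure-Connection on\""),
+    AP_INIT_TAKE1("SecureIndicatorSSLPort", secure_port_set, NULL, RSRC_CONF,
+                  "Port to be used for redirections if SecureIndicatorHeader is set, "
+                  "Default is \"SecureInidcatorSSLPort 443\" "),
     { NULL }
 };
 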
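Review bot: The block added at new lines 442-447 writes `r->server->server_scheme = "https";` and `r->server->port = atoi(config->secure_port);`, but `r->server` is the server_rec shared by every request on that virtual host. One request carrying the indicator header therefore leaves the host reporting https and the secure port for later requests that arrive without it, and the unsynchronised writes race under a threaded MPM. Drop both assignments and keep the decision per request: the `HTTPS` and `SERVER_PORT` entries in `r->subprocess_env` already are, and scheme and port can be answered through the `http_scheme` and `default_port` hooks, as mod_ssl does. The enclosing function starts outside the hunk, so it cannot be confirmed from here that this code runs only after a trusted proxy matched; that gate matters because the header is otherwise client-supplied.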
