|
0 |
-- mod_remoteip.c |
0 |
++ mod_remoteip.c |
Lines 44-53
|
44 |
* from the proxy-via IP header value list) |
44 |
* from the proxy-via IP header value list) |
45 |
*/ |
45 |
*/ |
46 |
const char *proxies_header_name; |
46 |
const char *proxies_header_name; |
|
|
47 |
/** A header that may indicate user is using a |
48 |
* HTTPS connection to the reverse-proxy, and |
49 |
* the value that it must match for it to do so. |
50 |
*/ |
51 |
const char *secure_header_name; |
52 |
const char *secure_header_value; |
47 |
/** A list of trusted proxies, ideally configured |
53 |
/** A list of trusted proxies, ideally configured |
48 |
* with the most commonly encountered listed first |
54 |
* with the most commonly encountered listed first |
49 |
*/ |
55 |
*/ |
50 |
apr_array_header_t *proxymatch_ip; |
56 |
apr_array_header_t *proxymatch_ip; |
|
|
57 |
/** Port to use if secure header is set */ |
58 |
const char *secure_port; |
51 |
} remoteip_config_t; |
59 |
} remoteip_config_t; |
52 |
|
60 |
|
53 |
typedef struct { |
61 |
typedef struct { |
Lines 65-70
|
65 |
/* config->header_name = NULL; |
73 |
/* config->header_name = NULL; |
66 |
* config->proxies_header_name = NULL; |
74 |
* config->proxies_header_name = NULL; |
67 |
*/ |
75 |
*/ |
|
|
76 |
config->secure_port="443"; /* Set default value */ |
68 |
return config; |
77 |
return config; |
69 |
} |
78 |
} |
70 |
|
79 |
|
Lines 85-90
|
85 |
config->proxymatch_ip = server->proxymatch_ip |
94 |
config->proxymatch_ip = server->proxymatch_ip |
86 |
? server->proxymatch_ip |
95 |
? server->proxymatch_ip |
87 |
: global->proxymatch_ip; |
96 |
: global->proxymatch_ip; |
|
|
97 |
config->secure_header_name = server->secure_header_name |
98 |
? server->secure_header_name |
99 |
: global->secure_header_name; |
100 |
config->secure_header_value = server->secure_header_value |
101 |
? server->secure_header_value |
102 |
: global->secure_header_value; |
103 |
config->secure_port = server->secure_port |
104 |
? server->secure_port |
105 |
: global->secure_port; |
106 |
|
88 |
return config; |
107 |
return config; |
89 |
} |
108 |
} |
90 |
|
109 |
|
Lines 106-111
|
106 |
return NULL; |
125 |
return NULL; |
107 |
} |
126 |
} |
108 |
|
127 |
|
|
|
128 |
static const char *secure_header_set(cmd_parms *cmd, void *dummy, |
129 |
const char *name, const char *value) |
130 |
{ |
131 |
remoteip_config_t *config = ap_get_module_config(cmd->server->module_config, |
132 |
&remoteip_module); |
133 |
config->secure_header_name = name; |
134 |
config->secure_header_value = value; |
135 |
return NULL; |
136 |
} |
137 |
|
138 |
static const char *secure_port_set(cmd_parms *cmd, void *dummy, const char *value) |
139 |
{ |
140 |
remoteip_config_t *config = ap_get_module_config(cmd->server->module_config, |
141 |
&remoteip_module); |
142 |
config->secure_port = value; |
143 |
return NULL; |
144 |
} |
145 |
|
146 |
|
109 |
/* Would be quite nice if APR exported this */ |
147 |
/* Would be quite nice if APR exported this */ |
110 |
/* apr:network_io/unix/sockaddr.c */ |
148 |
/* apr:network_io/unix/sockaddr.c */ |
111 |
static int looks_like_ip(const char *ipstr) |
149 |
static int looks_like_ip(const char *ipstr) |
Lines 229-234
|
229 |
char *proxy_ips = NULL; |
267 |
char *proxy_ips = NULL; |
230 |
char *parse_remote; |
268 |
char *parse_remote; |
231 |
char *eos; |
269 |
char *eos; |
|
|
270 |
char *secure = NULL; |
232 |
unsigned char *addrbyte; |
271 |
unsigned char *addrbyte; |
233 |
|
272 |
|
234 |
/* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy |
273 |
/* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy |
Lines 394-399
|
394 |
return OK; |
433 |
return OK; |
395 |
} |
434 |
} |
396 |
|
435 |
|
|
|
436 |
if (config->secure_header_name) { |
437 |
secure = (char *) apr_table_get(r->headers_in, config->secure_header_name); |
438 |
} |
439 |
|
440 |
if (secure) { |
441 |
|
442 |
if (!strcmp(secure, config->secure_header_value)) { |
443 |
apr_table_setn(r->subprocess_env, "HTTPS", "on"); |
444 |
r->server->server_scheme = "https"; |
445 |
apr_table_set(r->subprocess_env, "SERVER_PORT", config->secure_port); |
446 |
r->server->port = atoi(config->secure_port); |
447 |
} |
448 |
/* Header is available. Unset even if no match. */ |
449 |
apr_table_unset(r->headers_in, config->secure_header_name); |
450 |
} |
451 |
else { |
452 |
secure = NULL; |
453 |
} |
454 |
|
397 |
req->proxied_remote = remote; |
455 |
req->proxied_remote = remote; |
398 |
req->proxy_ips = proxy_ips; |
456 |
req->proxy_ips = proxy_ips; |
399 |
|
457 |
|
Lines 417-425
|
417 |
|
475 |
|
418 |
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, |
476 |
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, |
419 |
req->proxy_ips |
477 |
req->proxy_ips |
420 |
? "Using %s as client's IP by proxies %s" |
478 |
? "Using %s as client's IP by %s proxies %s via" |
421 |
: "Using %s as client's IP by internal proxies%s", |
479 |
: "Using %s as client's IP by %s internal proxies%s", |
422 |
req->useragent_ip, |
480 |
req->useragent_ip, |
|
|
481 |
secure ? "HTTPS" : "HTTP", |
423 |
(req->proxy_ips ? req->proxy_ips : "")); |
482 |
(req->proxy_ips ? req->proxy_ips : "")); |
424 |
return OK; |
483 |
return OK; |
425 |
} |
484 |
} |
Lines 447-452
|
447 |
RSRC_CONF | EXEC_ON_READ, |
506 |
RSRC_CONF | EXEC_ON_READ, |
448 |
"The filename to read the list of internal proxies, " |
507 |
"The filename to read the list of internal proxies, " |
449 |
"see the RemoteIPInternalProxy directive"), |
508 |
"see the RemoteIPInternalProxy directive"), |
|
|
509 |
AP_INIT_TAKE2("SecureIndicatorHeader", secure_header_set, NULL, RSRC_CONF, |
510 |
"Specifies a request header and value that indicates a secure connection, " |
511 |
"e.g. \"X-Forwarded-Proto https\" or \"X-Secure-Connection on\""), |
512 |
AP_INIT_TAKE1("SecureIndicatorSSLPort", secure_port_set, NULL, RSRC_CONF, |
513 |
"Port to be used for redirections if SecureIndicatorHeader is set, " |
514 |
"Default is \"SecureInidcatorSSLPort 443\" "), |
450 |
{ NULL } |
515 |
{ NULL } |
451 |
}; |
516 |
}; |
452 |
|
517 |
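Review bot: The assignments `r->server->server_scheme = "https";` and `r->server->port = atoi(config->secure_port);` at new lines 444 and 446 write a per-request decision into the server_rec, which is shared by every request served for that virtual host. Nothing in the hunk resets them, so after one request with the matching header, later requests without it would still be reported as https on the secure port, and under a threaded MPM the writes are unsynchronised. Keep the result per request and answer scheme and port from httpd's `http_scheme` and `default_port` hooks, as sketched below; the registration calls belong in the module's hook-registration function, which is outside the visible hunks, and the enclosing request function also starts above this hunk. Whether this block is reached only for connections from a configured trusted proxy depends on that unseen code and should be confirmed, since otherwise any client could assert HTTPS by sending the header.

```c
        if (!strcmp(secure, config->secure_header_value)) {
            /* … unchanged: HTTPS and SERVER_PORT set in r->subprocess_env … */
            /* Per-request marker instead of writing to r->server.
             * The note key is a suggested name; sketch only, notes are
             * not carried across internal redirects. */
            apr_table_setn(r->notes, "remoteip-secure", "1");
        }
        /* … unchanged: unset the indicator header … */

/* To be registered with ap_hook_http_scheme(); NULL declines. */
static const char *remoteip_http_scheme(const request_rec *r)
{
    return apr_table_get(r->notes, "remoteip-secure") ? "https" : NULL;
}

/* To be registered with ap_hook_default_port(); 0 declines. */
static apr_port_t remoteip_default_port(const request_rec *r)
{
    remoteip_config_t *config;

    if (!apr_table_get(r->notes, "remoteip-secure")) {
        return 0;
    }
    config = ap_get_module_config(r->server->module_config,
                                  &remoteip_module);
    return (apr_port_t) atoi(config->secure_port);
}
```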
|