View | Details | Raw Unified | Return to bug 58001
Collapse All | Expand All

(-)CHANGES (+3 lines)
Lines 1-6 Link Here
1
                                                         -*- coding: utf-8 -*-
1
                                                         -*- coding: utf-8 -*-
2
Changes with Apache 2.5.0
2
Changes with Apache 2.5.0
3
3
4
  *) mod_proxy: Add Forwarded header (RFC 7239) proxy requests.  PR 58001.
5
     [Christian Schmidt]
6
4
  *) mod_ssl, ab: Fix compatibility with LibreSSL.  PR 61184.
7
  *) mod_ssl, ab: Fix compatibility with LibreSSL.  PR 61184.
5
     [Bernard Spil <brnrd freebsd.org>, Yann Ylavic]
8
     [Bernard Spil <brnrd freebsd.org>, Yann Ylavic]
6
9
(-)docs/manual/mod/directives.html.en (+1 lines)
Lines 494-499 Link Here
494
<li><a href="core.html#protocols">Protocols</a></li>
494
<li><a href="core.html#protocols">Protocols</a></li>
495
<li><a href="core.html#protocolshonororder">ProtocolsHonorOrder</a></li>
495
<li><a href="core.html#protocolshonororder">ProtocolsHonorOrder</a></li>
496
<li><a href="mod_proxy.html#proxy">&lt;Proxy&gt;</a></li>
496
<li><a href="mod_proxy.html#proxy">&lt;Proxy&gt;</a></li>
497
<li><a href="mod_proxy.html#proxyaddforwardedheader">ProxyAddForwardedHeader</a></li>
497
<li><a href="mod_proxy.html#proxyaddheaders">ProxyAddHeaders</a></li>
498
<li><a href="mod_proxy.html#proxyaddheaders">ProxyAddHeaders</a></li>
498
<li><a href="mod_proxy.html#proxybadheader">ProxyBadHeader</a></li>
499
<li><a href="mod_proxy.html#proxybadheader">ProxyBadHeader</a></li>
499
<li><a href="mod_proxy.html#proxyblock">ProxyBlock</a></li>
500
<li><a href="mod_proxy.html#proxyblock">ProxyBlock</a></li>
(-)docs/manual/mod/mod_proxy.html.en (-2 / +40 lines)
Lines 107-112 Link Here
107
<li><img alt="" src="../images/down.gif" /> <a href="#balancerpersist">BalancerPersist</a></li>
107
<li><img alt="" src="../images/down.gif" /> <a href="#balancerpersist">BalancerPersist</a></li>
108
<li><img alt="" src="../images/down.gif" /> <a href="#noproxy">NoProxy</a></li>
108
<li><img alt="" src="../images/down.gif" /> <a href="#noproxy">NoProxy</a></li>
109
<li><img alt="" src="../images/down.gif" /> <a href="#proxy">&lt;Proxy&gt;</a></li>
109
<li><img alt="" src="../images/down.gif" /> <a href="#proxy">&lt;Proxy&gt;</a></li>
110
<li><img alt="" src="../images/down.gif" /> <a href="#proxyaddforwardedheader">ProxyAddForwardedHeader</a></li>
110
<li><img alt="" src="../images/down.gif" /> <a href="#proxyaddheaders">ProxyAddHeaders</a></li>
111
<li><img alt="" src="../images/down.gif" /> <a href="#proxyaddheaders">ProxyAddHeaders</a></li>
111
<li><img alt="" src="../images/down.gif" /> <a href="#proxybadheader">ProxyBadHeader</a></li>
112
<li><img alt="" src="../images/down.gif" /> <a href="#proxybadheader">ProxyBadHeader</a></li>
112
<li><img alt="" src="../images/down.gif" /> <a href="#proxyblock">ProxyBlock</a></li>
113
<li><img alt="" src="../images/down.gif" /> <a href="#proxyblock">ProxyBlock</a></li>
Lines 473-478 Link Here
473
    are:</p>
474
    are:</p>
474
475
475
    <dl>
476
    <dl>
477
      <dt><code>Forwarded</code></dt>
478
      <dd>The IP address of the client, the protocol used by the client (HTTP or HTTPS)
479
        and the original host requested by the client in the <code>Host</code> HTTP request header.</dd>
476
      <dt><code>X-Forwarded-For</code></dt>
480
      <dt><code>X-Forwarded-For</code></dt>
477
      <dd>The IP address of the client.</dd>
481
      <dd>The IP address of the client.</dd>
478
      <dt><code>X-Forwarded-Host</code></dt>
482
      <dt><code>X-Forwarded-Host</code></dt>
Lines 482-487 Link Here
482
      <dd>The hostname of the proxy server.</dd>
486
      <dd>The hostname of the proxy server.</dd>
483
    </dl>
487
    </dl>
484
488
489
    <p>The <code>Forwarded</code> header is defined in
490
    <a href="https://www.ietf.org/rfc/rfc7239.txt">RFC 7239</a> and is activated using
491
    the <code><a href="#proxyaddforwardedheader">ProxyAddForwardedHeader</a></code>
492
    directive. The other headers are de-facto standards, and they are controlled via
493
    the <code><a href="#proxyaddheaders">ProxyAddHeaders</a></code> directive.</p>
494
485
    <p>Be careful when using these headers on the origin server, since
495
    <p>Be careful when using these headers on the origin server, since
486
    they will contain more than one (comma-separated) value if the
496
    they will contain more than one (comma-separated) value if the
487
    original request already contained one of these headers. For
497
    original request already contained one of these headers. For
Lines 766-771 Link Here
766
</ul>
776
</ul>
767
</div>
777
</div>
768
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
778
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
779
<div class="directive-section"><h2><a name="ProxyAddForwardedHeader" id="ProxyAddForwardedHeader">ProxyAddForwardedHeader</a> <a name="proxyaddforwardedheader" id="proxyaddforwardedheader">Directive</a></h2>
780
<table class="directive">
781
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Add proxy information in the Forwarded header</td></tr>
782
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyAddForwardedHeader Off|On</code></td></tr>
783
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyAddForwardedHeader Off</code></td></tr>
784
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
785
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
786
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
787
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.5.0 and later</td></tr>
788
</table>
789
    <p>This directive determines whether or not proxy-related information should be passed to the
790
      backend server through the <code>Forwarded</code> HTTP header. The header is described in
791
      <a href="https://www.ietf.org/rfc/rfc7239.txt">RFC 7239</a>.</p>
792
    <div class="note"><h3>Effectiveness</h3>
793
     <p>This option is of use only for HTTP proxying, as handled by <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>.</p>
794
    </div>
795
<h3>See also</h3>
796
<ul>
797
<li><code class="directive"><a href="#proxyaddheaders">ProxyAddHeaders</a></code></li>
798
</ul>
799
800
</div>
801
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
769
<div class="directive-section"><h2><a name="ProxyAddHeaders" id="ProxyAddHeaders">ProxyAddHeaders</a> <a name="proxyaddheaders" id="proxyaddheaders">Directive</a></h2>
802
<div class="directive-section"><h2><a name="ProxyAddHeaders" id="ProxyAddHeaders">ProxyAddHeaders</a> <a name="proxyaddheaders" id="proxyaddheaders">Directive</a></h2>
770
<table class="directive">
803
<table class="directive">
771
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Add proxy information in X-Forwarded-* headers</td></tr>
804
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Add proxy information in X-Forwarded-* headers</td></tr>
Lines 776-786 Link Here
776
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
809
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
777
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.3.10 and later</td></tr>
810
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.3.10 and later</td></tr>
778
</table>
811
</table>
779
    <p>This directive determines whether or not proxy related information should be passed to the
812
    <p>This directive determines whether or not proxy-related information should be passed to the backend server
780
    backend server through X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server HTTP headers.</p>
813
      through <code>X-Forwarded-For</code>, <code>X-Forwarded-Host</code> and <code>X-Forwarded-Server</code>
814
      HTTP headers.</p>
781
    <div class="note"><h3>Effectiveness</h3>
815
    <div class="note"><h3>Effectiveness</h3>
782
     <p>This option is of use only for HTTP proxying, as handled by <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>.</p>
816
     <p>This option is of use only for HTTP proxying, as handled by <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>.</p>
783
    </div>
817
    </div>
818
<h3>See also</h3>
819
<ul>
820
<li><code class="directive"><a href="#proxyaddforwardedheader">ProxyAddForwardedHeader</a></code></li>
821
</ul>
784
822
785
</div>
823
</div>
786
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
824
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
(-)docs/manual/mod/mod_proxy.xml (-2 / +33 lines)
Lines 448-453 Link Here
448
    are:</p>
448
    are:</p>
449
449
450
    <dl>
450
    <dl>
451
      <dt><code>Forwarded</code></dt>
452
      <dd>The IP address of the client, the protocol used by the client (HTTP or HTTPS)
453
        and the original host requested by the client in the <code>Host</code> HTTP request header.</dd>
451
      <dt><code>X-Forwarded-For</code></dt>
454
      <dt><code>X-Forwarded-For</code></dt>
452
      <dd>The IP address of the client.</dd>
455
      <dd>The IP address of the client.</dd>
453
      <dt><code>X-Forwarded-Host</code></dt>
456
      <dt><code>X-Forwarded-Host</code></dt>
Lines 457-462 Link Here
457
      <dd>The hostname of the proxy server.</dd>
460
      <dd>The hostname of the proxy server.</dd>
458
    </dl>
461
    </dl>
459
462
463
    <p>The <code>Forwarded</code> header is defined in
464
    <a href="https://www.ietf.org/rfc/rfc7239.txt">RFC 7239</a> and is activated
465
    using the <code><a href="#proxyaddforwardedheader">ProxyAddForwardedHeader</a></code>
466
    directive. The other headers are de-facto standards, and they are controlled
467
    via the <code><a href="#proxyaddheaders">ProxyAddHeaders</a></code> directive.</p>
468
460
    <p>Be careful when using these headers on the origin server, since
469
    <p>Be careful when using these headers on the origin server, since
461
    they will contain more than one (comma-separated) value if the
470
    they will contain more than one (comma-separated) value if the
462
    original request already contained one of these headers. For
471
    original request already contained one of these headers. For
Lines 2024-2029 Link Here
2024
</directivesynopsis>
2033
</directivesynopsis>
2025
2034
2026
<directivesynopsis>
2035
<directivesynopsis>
2036
<name>ProxyAddForwardedHeader</name>
2037
<description>Add proxy information in the Forwarded header</description>
2038
<syntax>ProxyAddForwardedHeader Off|On</syntax>
2039
<default>ProxyAddForwardedHeader Off</default>
2040
<contextlist><context>server config</context>
2041
<context>virtual host</context>
2042
<context>directory</context>
2043
</contextlist>
2044
<compatibility>Available in version 2.5.0 and later</compatibility>
2045
2046
<usage>
2047
    <p>This directive determines whether or not proxy-related information should be passed to the
2048
      backend server through the <code>Forwarded</code> HTTP header. The header is described in
2049
      <a href="https://www.ietf.org/rfc/rfc7239.txt">RFC 7239</a>.</p>
2050
    <note><title>Effectiveness</title>
2051
     <p>This option is of use only for HTTP proxying, as handled by <module>mod_proxy_http</module>.</p>
2052
    </note>
2053
</usage>
2054
</directivesynopsis>
2055
2056
<directivesynopsis>
2027
<name>ProxyAddHeaders</name>
2057
<name>ProxyAddHeaders</name>
2028
<description>Add proxy information in X-Forwarded-* headers</description>
2058
<description>Add proxy information in X-Forwarded-* headers</description>
2029
<syntax>ProxyAddHeaders Off|On</syntax>
2059
<syntax>ProxyAddHeaders Off|On</syntax>
Lines 2035-2042 Link Here
2035
<compatibility>Available in version 2.3.10 and later</compatibility>
2065
<compatibility>Available in version 2.3.10 and later</compatibility>
2036
2066
2037
<usage>
2067
<usage>
2038
    <p>This directive determines whether or not proxy related information should be passed to the
2068
    <p>This directive determines whether or not proxy-related information should be passed to the
2039
    backend server through X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server HTTP headers.</p>
2069
    backend server through <code>X-Forwarded-For</code>, <code>X-Forwarded-Host</code> and
2070
    <code>X-Forwarded-Server</code> HTTP headers.</p>
2040
    <note><title>Effectiveness</title>
2071
    <note><title>Effectiveness</title>
2041
     <p>This option is of use only for HTTP proxying, as handled by <module>mod_proxy_http</module>.</p>
2072
     <p>This option is of use only for HTTP proxying, as handled by <module>mod_proxy_http</module>.</p>
2042
    </note>
2073
    </note>
(-)docs/manual/mod/quickreference.html.en (+3 lines)
Lines 786-791 Link Here
786
<tr><td><a href="core.html#protocols">Protocols <var>protocol</var> ...</a></td><td> http/1.1 </td><td>sv</td><td>C</td></tr><tr><td class="descr" colspan="4">Protocols available for a server/virtual host</td></tr>
786
<tr><td><a href="core.html#protocols">Protocols <var>protocol</var> ...</a></td><td> http/1.1 </td><td>sv</td><td>C</td></tr><tr><td class="descr" colspan="4">Protocols available for a server/virtual host</td></tr>
787
<tr class="odd"><td><a href="core.html#protocolshonororder">ProtocolsHonorOrder On|Off</a></td><td> On </td><td>sv</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Determines if order of Protocols determines precedence during negotiation</td></tr>
787
<tr class="odd"><td><a href="core.html#protocolshonororder">ProtocolsHonorOrder On|Off</a></td><td> On </td><td>sv</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Determines if order of Protocols determines precedence during negotiation</td></tr>
788
<tr><td><a href="mod_proxy.html#proxy">&lt;Proxy <var>wildcard-url</var>&gt; ...&lt;/Proxy&gt;</a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Container for directives applied to proxied resources</td></tr>
788
<tr><td><a href="mod_proxy.html#proxy">&lt;Proxy <var>wildcard-url</var>&gt; ...&lt;/Proxy&gt;</a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Container for directives applied to proxied resources</td></tr>
789
<tr class="odd"><td><a href="mod_proxy.html#proxyaddforwardedheader">ProxyAddForwardedHeader Off|On</a></td><td> Off </td><td>svd</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Add proxy information the Forwarded header</td></tr>
790
<tr><td><a href="mod_proxy.html#proxybadheader">ProxyBadHeader IsError|Ignore|StartBody</a></td><td> IsError </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Determines how to handle bad header lines in a
791
response</td></tr>
789
<tr class="odd"><td><a href="mod_proxy.html#proxyaddheaders">ProxyAddHeaders Off|On</a></td><td> On </td><td>svd</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Add proxy information in X-Forwarded-* headers</td></tr>
792
<tr class="odd"><td><a href="mod_proxy.html#proxyaddheaders">ProxyAddHeaders Off|On</a></td><td> On </td><td>svd</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Add proxy information in X-Forwarded-* headers</td></tr>
790
<tr><td><a href="mod_proxy.html#proxybadheader">ProxyBadHeader IsError|Ignore|StartBody</a></td><td> IsError </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Determines how to handle bad header lines in a
793
<tr><td><a href="mod_proxy.html#proxybadheader">ProxyBadHeader IsError|Ignore|StartBody</a></td><td> IsError </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Determines how to handle bad header lines in a
791
response</td></tr>
794
response</td></tr>
(-)docs/manual/style/scripts/prettify.js (-1 / +1 lines)
Lines 132-138 Link Here
132
  var SH_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "case,done,elif,esac,eval,fi," +
132
  var SH_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "case,done,elif,esac,eval,fi," +
133
      "function,in,local,set,then,until,echo"];
133
      "function,in,local,set,then,until,echo"];
134
  var CONFIG_ENVS = ["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"];
134
  var CONFIG_ENVS = ["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"];
135
  var CONFIG_KEYWORDS = ["Macro,UndefMacro,Use,AuthLDAPURL,AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicProvider,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNcCheck,AuthDigestNonceFormat,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerMember,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIMapExtension,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GprofDir,GracefulShutdownTimeout,Group,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogLevel,LogMessage,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaAuthzProvider,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,<Proxy>,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPOverrideResponder,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UnsetEnv,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse,RewriteLog,RewriteLogLevel"];
135
  var CONFIG_KEYWORDS = ["Macro,UndefMacro,Use,AuthLDAPURL,AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicProvider,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNcCheck,AuthDigestNonceFormat,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerMember,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIMapExtension,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GprofDir,GracefulShutdownTimeout,Group,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogLevel,LogMessage,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaAuthzProvider,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,<Proxy>,ProxyAddForwardedHeader,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPOverrideResponder,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UnsetEnv,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse,RewriteLog,RewriteLogLevel"];
136
  var CONFIG_OPTIONS = /^[\\+\\-]?(AuthConfig|IncludesNOEXEC|ExecCGI|FollowSymLinks|MultiViews|Includes|Indexes|SymLinksIfOwnerMatch)\b/i;
136
  var CONFIG_OPTIONS = /^[\\+\\-]?(AuthConfig|IncludesNOEXEC|ExecCGI|FollowSymLinks|MultiViews|Includes|Indexes|SymLinksIfOwnerMatch)\b/i;
137
  var ALL_KEYWORDS = [
137
  var ALL_KEYWORDS = [
138
      CPP_KEYWORDS, CSHARP_KEYWORDS, JSCRIPT_KEYWORDS, PERL_KEYWORDS +
138
      CPP_KEYWORDS, CSHARP_KEYWORDS, JSCRIPT_KEYWORDS, PERL_KEYWORDS +
(-)modules/http2/h2_proxy_session.c (+26 lines)
Lines 742-747 Link Here
742
    h2_proxy_req_make(stream->req, stream->pool, r->method, scheme,
742
    h2_proxy_req_make(stream->req, stream->pool, r->method, scheme,
743
                authority, path, r->headers_in);
743
                authority, path, r->headers_in);
744
744
745
    if (dconf->add_forwarded_header) {
746
        if (PROXYREQ_REVERSE == r->proxyreq) {
747
            const char *buf, *for_param, *host, *host_param = NULL;
748
749
            if (r->useragent_addr->family == APR_INET6 &&
750
                !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)r->useragent_addr->ipaddr_ptr)) {
751
                apr_sockaddr_ip_get(&r->useragent_ip, r->useragent_addr);
752
                for_param = apr_pstrcat(r->pool, "\"[", r->useragent_ip, "]\"", NULL);
753
            } else {
754
                for_param = r->useragent_ip;
755
            }
756
757
            if ((host = apr_table_get(r->headers_in, "Host"))) {
758
                host_param = apr_pstrcat(r->pool, "; host=\"", host, "\"", NULL);
759
            }
760
761
            buf = apr_pstrcat(r->pool, "for=", for_param,
762
                "; scheme=", ap_http_scheme(r),
763
                host_param,
764
                NULL
765
            );
766
767
            apr_table_mergen(stream->req->headers, "Forwarded", buf);
768
        }
769
    }
770
745
    if (dconf->add_forwarded_headers) {
771
    if (dconf->add_forwarded_headers) {
746
        if (PROXYREQ_REVERSE == r->proxyreq) {
772
        if (PROXYREQ_REVERSE == r->proxyreq) {
747
            const char *buf;
773
            const char *buf;
(-)modules/proxy/mod_proxy.c (-2 / +13 lines)
Lines 1567-1572 Link Here
1567
    new->interpolate_env = -1; /* unset */
1567
    new->interpolate_env = -1; /* unset */
1568
    new->error_override = 0;
1568
    new->error_override = 0;
1569
    new->error_override_set = 0;
1569
    new->error_override_set = 0;
1570
    new->add_forwarded_header = 0;
1570
    new->add_forwarded_headers = 1;
1571
    new->add_forwarded_headers = 1;
1571
1572
1572
    return (void *) new;
1573
    return (void *) new;
Lines 1599-1604 Link Here
1599
    new->error_override_set = add->error_override_set || base->error_override_set;
1600
    new->error_override_set = add->error_override_set || base->error_override_set;
1600
    new->alias = (add->alias_set == 0) ? base->alias : add->alias;
1601
    new->alias = (add->alias_set == 0) ? base->alias : add->alias;
1601
    new->alias_set = add->alias_set || base->alias_set;
1602
    new->alias_set = add->alias_set || base->alias_set;
1603
    new->add_forwarded_header = add->add_forwarded_header;
1602
    new->add_forwarded_headers = add->add_forwarded_headers;
1604
    new->add_forwarded_headers = add->add_forwarded_headers;
1603
    return new;
1605
    return new;
1604
}
1606
}
Lines 2098-2106 Link Here
2098
    return NULL;
2100
    return NULL;
2099
}
2101
}
2100
static const char *
2102
static const char *
2101
   add_proxy_http_headers(cmd_parms *parms, void *dconf, int flag)
2103
   add_proxy_forwarded_header(cmd_parms *parms, void *dconf, int flag)
2102
{
2104
{
2103
   proxy_dir_conf *conf = dconf;
2105
   proxy_dir_conf *conf = dconf;
2106
   conf->add_forwarded_header = flag;
2107
   return NULL;
2108
}
2109
static const char *
2110
   add_proxy_forwarded_headers(cmd_parms *parms, void *dconf, int flag)
2111
{
2112
   proxy_dir_conf *conf = dconf;
2104
   conf->add_forwarded_headers = flag;
2113
   conf->add_forwarded_headers = flag;
2105
   return NULL;
2114
   return NULL;
2106
}
2115
}
Lines 2698-2704 Link Here
2698
     "A balancer or worker name with list of params"),
2707
     "A balancer or worker name with list of params"),
2699
    AP_INIT_TAKE1("ProxySourceAddress", set_source_address, NULL, RSRC_CONF,
2708
    AP_INIT_TAKE1("ProxySourceAddress", set_source_address, NULL, RSRC_CONF,
2700
     "Configure local source IP used for request forward"),
2709
     "Configure local source IP used for request forward"),
2701
    AP_INIT_FLAG("ProxyAddHeaders", add_proxy_http_headers, NULL, RSRC_CONF|ACCESS_CONF,
2710
    AP_INIT_FLAG("ProxyAddForwardedHeader", add_proxy_forwarded_header, NULL, RSRC_CONF|ACCESS_CONF,
2711
     "on if the Forwarded header should be added or completed"),
2712
    AP_INIT_FLAG("ProxyAddHeaders", add_proxy_forwarded_headers, NULL, RSRC_CONF|ACCESS_CONF,
2702
     "on if X-Forwarded-* headers should be added or completed"),
2713
     "on if X-Forwarded-* headers should be added or completed"),
2703
    {NULL}
2714
    {NULL}
2704
};
2715
};
(-)modules/proxy/mod_proxy.h (+1 lines)
Lines 234-239 Link Here
234
    unsigned int preserve_host_set:1;
234
    unsigned int preserve_host_set:1;
235
    unsigned int error_override_set:1;
235
    unsigned int error_override_set:1;
236
    unsigned int alias_set:1;
236
    unsigned int alias_set:1;
237
    unsigned int add_forwarded_header:1;
237
    unsigned int add_forwarded_headers:1;
238
    unsigned int add_forwarded_headers:1;
238
239
239
    /** Named back references */
240
    /** Named back references */
(-)modules/proxy/proxy_util.c (-3 / +29 lines)
Lines 3599-3605 Link Here
3599
        }
3599
        }
3600
    }
3600
    }
3601
3601
3602
    /* X-Forwarded-*: handling
3602
    /* Handle Forwarded and X-Forwarded-*
3603
     *
3603
     *
3604
     * XXX Privacy Note:
3604
     * XXX Privacy Note:
3605
     * -----------------
3605
     * -----------------
Lines 3616-3624 Link Here
3616
     *
3616
     *
3617
     * The HTTP/1.1 Via: header is designed for passing client
3617
     * The HTTP/1.1 Via: header is designed for passing client
3618
     * information through proxies to a server, and should be used in
3618
     * information through proxies to a server, and should be used in
3619
     * a forward proxy configuration instead of X-Forwarded-*. See the
3619
     * a forward proxy configuration instead of Forwarded and
3620
     * ProxyVia option for details.
3620
     * X-Forwarded-*. See the ProxyVia option for details.
3621
     */
3621
     */
3622
    if (dconf->add_forwarded_header) {
3623
        if (PROXYREQ_REVERSE == r->proxyreq) {
3624
            const char *buf, *for_param, *host, *host_param = NULL;
3625
3626
            if (r->useragent_addr->family == APR_INET6 &&
3627
                !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)r->useragent_addr->ipaddr_ptr)) {
3628
                apr_sockaddr_ip_get(&r->useragent_ip, r->useragent_addr);
3629
                for_param = apr_pstrcat(r->pool, "\"[", r->useragent_ip, "]\"", NULL);
3630
            } else {
3631
                for_param = r->useragent_ip;
3632
            }
3633
3634
            if ((host = apr_table_get(r->headers_in, "Host"))) {
3635
                host_param = apr_pstrcat(r->pool, "; host=\"", host, "\"", NULL);
3636
            }
3637
3638
            buf = apr_pstrcat(r->pool, "for=", for_param,
3639
                "; scheme=", ap_http_scheme(r),
3640
                host_param,
3641
                NULL
3642
            );
3643
3644
            apr_table_mergen(r->headers_in, "Forwarded", buf);
3645
        }
3646
    }
3647
3622
    if (dconf->add_forwarded_headers) {
3648
    if (dconf->add_forwarded_headers) {
3623
        if (PROXYREQ_REVERSE == r->proxyreq) {
3649
        if (PROXYREQ_REVERSE == r->proxyreq) {
3624
            const char *buf;
3650
            const char *buf;

Return to bug 58001