
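--- a/modules/metadata/mod_remoteip.c
+++ b/modules/metadata/mod_remoteip.c
@@ -55,6 +55,11 @@
      * (removed as the physical connection and
      * from the proxy-via IP header value list)
      */
+    const char *header_scheme;
+    /** A header to record the proxied scheme
+     * (removed as the physical connection and
+     * from the proxy-via IP header value list)
+     */
     const char *proxies_header_name;
     /** A list of trusted proxies, ideally configured
      *  with the most commonly encountered listed first
@@ -154,6 +159,7 @@
     remoteip_config_t *config = apr_pcalloc(p, sizeof(*config));
     config->disabled_subnets = apr_array_make(p, 1, sizeof(apr_ipsubnet_t *));
     /* config->header_name = NULL;
+     * config->header_scheme = NULL;
      * config->proxies_header_name = NULL;
      * config->proxy_protocol_enabled = NULL;
      * config->proxy_protocol_disabled = NULL;
@@ -173,6 +179,9 @@
     config->header_name = server->header_name
                         ? server->header_name
                         : global->header_name;
+    config->header_scheme = server->header_scheme
+                          ? server->header_scheme
+                          : global->header_scheme;
     config->proxies_header_name = server->proxies_header_name
                                 ? server->proxies_header_name
                                 : global->proxies_header_name;
@@ -191,6 +200,15 @@
     return NULL;
 }
 
+static const char *scheme_name_set(cmd_parms *cmd, void *dummy,
+                                   const char *arg)
+{
+    remoteip_config_t *config = ap_get_module_config(cmd->server->module_config,
+                                                     &remoteip_module);
+    config->header_scheme = arg;
+    return NULL;
+}
+
 static const char *proxies_header_name_set(cmd_parms *cmd, void *dummy,
                                            const char *arg)
 {
@@ -529,6 +547,7 @@
 
     apr_status_t rv;
     char *remote;
+    char *scheme;
     char *proxy_ips = NULL;
     char *parse_remote;
     char *eos;
@@ -739,6 +758,11 @@
 
     r->useragent_addr = req->useragent_addr;
     r->useragent_ip = req->useragent_ip;
+    if (config->header_name) {
+        scheme = (char *) apr_table_get(r->headers_in, config->header_scheme);
+        if (scheme && strcmp(scheme, "https") == 0)
+            r->server->server_scheme = scheme;
+    }
 
     ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
                   req->proxy_ips
@@ -1199,6 +1223,9 @@
     AP_INIT_TAKE1("RemoteIPHeader", header_name_set, NULL, RSRC_CONF,
                   "Specifies a request header to trust as the client IP, "
                   "e.g. X-Forwarded-For"),
+    AP_INIT_TAKE1("RemoteIPProtoHeader", scheme_name_set, NULL, RSRC_CONF,
+                  "Specifies a request header to trust as the client scheme, "
+                  "e.g. X-Forwarded-Proto"),
     AP_INIT_TAKE1("RemoteIPProxiesHeader", proxies_header_name_set,
                   NULL, RSRC_CONF,
                   "Specifies a request header to record proxy IP's, "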
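Review bot: In the request-handling hunk (new lines 761-765) the guard tests `config->header_name` while the lookup uses `config->header_scheme`, so the new directive is ignored unless RemoteIPHeader is also set and the lookup gets a NULL key when only RemoteIPHeader is set; the guard should be `if (config->header_scheme) {`. The assignment `r->server->server_scheme = scheme;` stores a pointer into this request's header table in the `server_rec`, which is shared by later requests on the same server: the pointer presumably dangles once the request's pool is cleared, and a single request carrying the header changes the scheme reported for every later request, with nothing resetting it. Assigning the literal (`r->server->server_scheme = "https";`) removes the lifetime problem, but the override would be safer kept per request than written into the server record. The enclosing function starts and ends outside the hunk, so it is not visible whether these lines run only after the trusted-proxy checks; if they do not, any client can assert https and influence self-referential redirects and secure-connection decisions.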
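--- a/docs/manual/mod/mod_remoteip.xml
+++ b/docs/manual/mod/mod_remoteip.xml
@@ -123,7 +123,6 @@
     <directive module="mod_remoteip">RemoteIPTrustedProxy</directive> directives.  Unless these
     other directives are used, <module>mod_remoteip</module> will trust all
     hosts presenting a <directive module="mod_remoteip">RemoteIPHeader</directive> IP value.</p>
-
     <example><title>Internal (Load Balancer) Example</title>
     <highlight language="config">
         RemoteIPHeader X-Client-IP
@@ -139,6 +138,36 @@
 </directivesynopsis>
 
 <directivesynopsis>
+<name>RemoteIPProtoHeader</name>
+<description>Declare the header field which should be parsed for useragent protocol used</description>
+<syntax>RemoteIPProtoHeader <var>scheme-header-field</var></syntax>
+<contextlist><context>server config</context><context>virtual host</context></contextlist>
+
+<usage>
+    <p>The <directive module="mod_remoteip">RemoteIPProtoHeader</directive> directive triggers
+    <module>mod_remoteip</module> to treat the value of the specified
+    <var>scheme-header-field</var> header as the useragent protocol used,
+    subject to further configuration
+    of the <directive module="mod_remoteip">RemoteIPInternalProxy</directive> and
+    <directive module="mod_remoteip">RemoteIPTrustedProxy</directive> directives.  Unless these
+    other directives are used, <module>mod_remoteip</module> will trust all
+    hosts presenting a <directive module="mod_remoteip">RemoteIPProtoHeader</directive> protocol value.
+    The only valid value for the RemoteIPProtoHeader header is "https".</p>
+    <example><title>Internal (Load Balancer) Example</title>
+    <highlight language="config">
+        RemoteIPProtoHeader X-Client-Proto
+        </highlight>
+    </example>
+
+    <example><title>Proxy Example</title>
+    <highlight language="config">
+        RemoteIPProtoHeader X-Forwarded-Proto
+        </highlight>
+    </example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
 <name>RemoteIPInternalProxy</name>
 <description>Declare client intranet IP addresses trusted to present the RemoteIPHeader value</description>
 <syntax>RemoteIPInternalProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</syntax>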
