ASF Bugzilla – Attachment 36337 Details for Bug 61355: DirectorySlash directive should use protocol in X-Forwarded-Proto header when available
[patch] get the proxied protocol from header with mod_remoteip
pat (text/plain), 5.33 KB, created by Axel Reinhold on 2018-12-19 11:08:22 UTC
>--- modules/metadata/mod_remoteip.c Wed Jun 6 21:04:45 2018 >+++ modules/metadata/mod_remoteip.c Mon Dec 17 17:50:13 2018 >@@ -55,6 +55,11 @@ > * (removed as the physical connection and > * from the proxy-via IP header value list) > */ >+ const char *header_scheme; >+ /** A header to record the proxied scheme >+ * (removed as the physical connection and >+ * from the proxy-via IP header value list) >+ */ > const char *proxies_header_name; > /** A list of trusted proxies, ideally configured > * with the most commonly encountered listed first >@@ -154,6 +159,7 @@ > remoteip_config_t *config = apr_pcalloc(p, sizeof(*config)); > config->disabled_subnets = apr_array_make(p, 1, sizeof(apr_ipsubnet_t *)); > /* config->header_name = NULL; >+ * config->header_scheme = NULL; > * config->proxies_header_name = NULL; > * config->proxy_protocol_enabled = NULL; > * config->proxy_protocol_disabled = NULL; >@@ -173,6 +179,9 @@ > config->header_name = server->header_name > ? server->header_name > : global->header_name; >+ config->header_scheme = server->header_scheme >+ ? server->header_scheme >+ : global->header_scheme; > config->proxies_header_name = server->proxies_header_name > ? server->proxies_header_name > : global->proxies_header_name; >@@ -191,6 +200,15 @@ > return NULL; > } > >+static const char *scheme_name_set(cmd_parms *cmd, void *dummy, >+ const char *arg) >+{ >+ remoteip_config_t *config = ap_get_module_config(cmd->server->module_config, >+ &remoteip_module); >+ config->header_scheme = arg; >+ return NULL; >+} >+ > static const char *proxies_header_name_set(cmd_parms *cmd, void *dummy, > const char *arg) > { >@@ -529,6 +547,7 @@ > > apr_status_t rv; > char *remote; >+ char *scheme; > char *proxy_ips = NULL; > char *parse_remote; > char *eos; 
>@@ -739,6 +758,11 @@ > > r->useragent_addr = req->useragent_addr; > r->useragent_ip = req->useragent_ip; >+ if (config->header_name) { >+ scheme = (char *) apr_table_get(r->headers_in, config->header_scheme); >+ if (scheme && strcmp(scheme, "https") == 0) >+ r->server->server_scheme = scheme; >+ } > > ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, > req->proxy_ips >@@ -1199,6 +1223,9 @@ > AP_INIT_TAKE1("RemoteIPHeader", header_name_set, NULL, RSRC_CONF, > "Specifies a request header to trust as the client IP, " > "e.g. X-Forwarded-For"), >+ AP_INIT_TAKE1("RemoteIPProtoHeader", scheme_name_set, NULL, RSRC_CONF, >+ "Specifies a request header to trust as the client scheme, " >+ "e.g. X-Forwarded-Proto"), > AP_INIT_TAKE1("RemoteIPProxiesHeader", proxies_header_name_set, > NULL, RSRC_CONF, > "Specifies a request header to record proxy IP's, " >EOF >: patch -b -p0 <<'EOF' >--- docs/manual/mod/mod_remoteip.xml (revision 1849285) >+++ docs/manual/mod/mod_remoteip.xml (working copy) >@@ -123,7 +123,6 @@ > <directive module="mod_remoteip">RemoteIPTrustedProxy</directive> directives. Unless these > other directives are used, <module>mod_remoteip</module> will trust all > hosts presenting a <directive module="mod_remoteip">RemoteIPHeader</directive> IP value.</p> >- > <example><title>Internal (Load Balancer) Example</title> > <highlight language="config"> > RemoteIPHeader X-Client-IP 
>@@ -139,6 +138,36 @@ > </directivesynopsis> > > <directivesynopsis> >+<name>RemoteIPProtoHeader</name> >+<description>Declare the header field which should be parsed for useragent protocol used</description> >+<syntax>RemoteIPProtoHeader <var>scheme-header-field</var></syntax> >+<contextlist><context>server config</context><context>virtual host</context></contextlist> >+ >+<usage> >+ <p>The <directive module="mod_remoteip">RemoteIPProtoHeader</directive> directive triggers >+ <module>mod_remoteip</module> to treat the value of the specified >+ <var>scheme-header-field</var> header as the useragent protocol used, >+ subject to further configuration >+ of the <directive module="mod_remoteip">RemoteIPInternalProxy</directive> and >+ <directive module="mod_remoteip">RemoteIPTrustedProxy</directive> directives. Unless these >+ other directives are used, <module>mod_remoteip</module> will trust all >+ hosts presenting a <directive module="mod_remoteip">RemoteIPProtoHeader</directive> protocol value. >+ The only valid value for the RemoteIPProtoHeader header is "https".</p> >+ <example><title>Internal (Load Balancer) Example</title> >+ <highlight language="config"> >+ RemoteIPProtoHeader X-Client-Proto >+ </highlight> >+ </example> >+ >+ <example><title>Proxy Example</title> >+ <highlight language="config"> >+ RemoteIPProtoHeader X-Forwarded-Proto >+ </highlight> >+ </example> >+</usage> >+</directivesynopsis> >+ >+<directivesynopsis> > <name>RemoteIPInternalProxy</name> > <description>Declare client intranet IP addresses trusted to present the RemoteIPHeader value</description> > <syntax>RemoteIPInternalProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</syntax>
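Review bot: In the mod_remoteip.c hunk at @@ -55,6 +55,11 @@, the new `header_scheme` member is inserted between an existing doc comment and the `proxies_header_name` member that comment preceded, so both comments end up on the wrong field. The existing comment ending "from the proxy-via IP header value list) */" now sits above `header_scheme`, and the new "A header to record the proxied scheme" comment sits above `proxies_header_name`. Place the new comment directly above `const char *header_scheme;`, and drop the copied parenthetical "(removed as the physical connection and from the proxy-via IP header value list)", which does not describe a scheme header.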
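Review bot: In the mod_remoteip.c hunk at @@ -739,6 +758,11 @@, `r->server->server_scheme = scheme;` stores a pointer taken from `r->headers_in` into the server record, which is shared by every request handled by that server and outlives this request. Once one request carries the header with the value "https", later requests to the same server that lack the header still see an https scheme, and the stored pointer refers to memory owned by a request that has finished. Keep the result in per-request state instead of writing to `r->server`. In the same hunk the guard tests `config->header_name` while the lookup uses `config->header_scheme`; it should read `if (config->header_scheme)`, so the lookup runs only when RemoteIPProtoHeader is configured and does not depend on RemoteIPHeader. The `(char *)` cast also discards the const qualifier of the `apr_table_get()` result; declaring `scheme` as `const char *` in the @@ -529,6 +547,7 @@ hunk removes the need for it.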
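Review bot: The mod_remoteip.xml hunk at @@ -123,7 +123,6 @@ only deletes the blank line before `<example><title>Internal (Load Balancer) Example</title>`, which is unrelated to the new directive. Drop this hunk so the patch touches only the lines it needs.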
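Review bot: In the mod_remoteip.xml hunk at @@ -139,6 +138,36 @@, the usage text says the header is honoured "subject to further configuration" of RemoteIPInternalProxy and RemoteIPTrustedProxy, but the code hunk that reads the header contains no proxy check of its own, so that statement rests entirely on where the new block sits in the surrounding function. Confirm that the block is reached only after the trusted-proxy evaluation has accepted the peer, or reword the paragraph. The sentence "The only valid value for the RemoteIPProtoHeader header is "https"" should also say what happens for any other value (the code compares with `strcmp(scheme, "https")`, so the match is case-sensitive and anything else leaves the scheme unchanged). The `<description>` would read better as "Declare the header field which should be parsed for the protocol used by the useragent".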
Attachments on bug 61355: 36295 | 36337