Bug 56152

Summary: ProxyBlock does not accept network addresses
Product: Apache httpd-2 Reporter: Lubomir Rintel <lkundrak>
Component: mod_proxyAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: normal Keywords: PatchAvailable
Priority: P2    
Version: 2.5-HEAD   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Attachments: [PATCH 1/4] mod_proxy: Match resolved addresses for NoProxy too
[PATCH 2/4] mod_proxy: Split the NoProxy parameter parsing away
[PATCH 1/4] mod_proxy: Rename dirconn_entry to exclude_entry
[PATCH 2/4] mod_proxy: Match resolved addresses for NoProxy too
[PATCH 3/4] mod_proxy: Split the NoProxy parameter parsing away
[PATCH 4/4] mod_proxy: Share NoProxy parameter parsing and evaluation

Description Lubomir Rintel 2014-02-18 13:28:48 UTC 
You can not easily block address ranges such as "ProxyBlock 127.0.0.0/8".
Comment 1 Lubomir Rintel 2014-02-18 13:29:38 UTC 
Created attachment 31319 [details]
[PATCH 1/4] mod_proxy: Match resolved addresses for NoProxy too
Comment 2 Lubomir Rintel 2014-02-18 13:30:34 UTC 
Created attachment 31320 [details]
[PATCH 2/4] mod_proxy: Split the NoProxy parameter parsing away
Comment 3 Lubomir Rintel 2014-02-18 13:31:55 UTC 
Created attachment 31321 [details]
[PATCH 1/4] mod_proxy: Rename dirconn_entry to exclude_entry
Comment 4 Lubomir Rintel 2014-02-18 13:32:28 UTC 
Created attachment 31322 [details]
[PATCH 2/4] mod_proxy: Match resolved addresses for NoProxy too
Comment 5 Lubomir Rintel 2014-02-18 13:32:54 UTC 
Created attachment 31323 [details]
[PATCH 3/4] mod_proxy: Split the NoProxy parameter parsing away
Comment 6 Lubomir Rintel 2014-02-18 13:33:20 UTC 
Created attachment 31324 [details]
[PATCH 4/4] mod_proxy: Share NoProxy parameter parsing and evaluation
Comment 7 Lubomir Rintel 2014-02-18 13:35:24 UTC 
The patch set reuses code that's already used for the NoProxy directive.

Diffstat:

 docs/manual/mod/mod_proxy.xml | 14 ++--
 modules/proxy/mod_proxy.c     | 83 ++++++++++-------------
 modules/proxy/mod_proxy.h     |  9 +--
 modules/proxy/proxy_util.c    | 67 ++++++------------
 modules/proxy/proxy_util.h    |  8 +--
 5 files changed, 69 insertions(+), 112 deletions(-)
Comment 8 Jim Jagielski 2014-03-10 12:13:31 UTC 
Glancing over the patches, they look more complex than needed... can it be simp lyfied and combined?
Comment 9 Lubomir Rintel 2014-03-10 13:46:56 UTC 
I'm really not sure. I've did my best to avoid unnecessary complexity (there's more removals than additions in the end). I've tried not to mix unrelated changes and tried keep logical chunks in separate patches with appropriate explanations.

I could definitely try to improve things you find needlessly complex or unclear, but I'd need more specific input for that.