mod_remoteip.c

Checkout Tools
  • last updated 2 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
handle LOCAL ver_cmd proxy headers

bz 63893

Fix a typo
* modules/metadata/mod_remoteip.c (remoteip_process_v2_header,

remoteip_input_filter): Add sanity checks.

Submitted by: jorton, Daniel McCarney <cpu letsencrypt.org>

mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.

Overwriting server config in pre_config hook breaks EXEC_ON_READ directives,

it's automatically created on purpose anyway.

PR 62220.

  1. … 1 more file in changeset.
copy apr_sockaddr_is_wildcard to maintain 1.4.x support.

mod_remoteip: make proxy-protocol work on slave connections, e.g. in HTTP/2

requests. See also https://github.com/roadrunner2/mod-proxy-protocol/issues/6

  1. … 1 more file in changeset.
APR-ize uint types

Fix format pattern (%lu => %APR_SIZE_T_FMT).

Detected by maintainer mode compilation and GCC error:

.../modules/metadata/mod_remoteip.c:

In function 'remoteip_input_filter':

.../include/http_log.h:117:33:

error: format '%lu' expects argument of type

'long unsigned int', but argument 8 has type

'apr_size_t {aka unsigned int}' [-Werror=format=]

PROXY protocol proposal corrections
  1. … 1 more file in changeset.
Fix directive name in

(s/RemoteIPProxyProtocolDisableNetworks/RemoteIPProxyProtocolExceptions/)

Use cmd->cmd->name instead to be future proof.

Rename RemoteIPProxyProtocolDisableHosts to RemoteIPProxyProtocolExceptions
  1. … 1 more file in changeset.
Update PROXY handling by removing Optional processing
  1. … 1 more file in changeset.
Finally include feedback from Ruediger Pluem. Add slave "backoff" verified by Sander Hoentjen
Change tactic for PROXY processing in Optional case
  1. … 1 more file in changeset.
* modules/metadata/mod_remoteip.c (register_hooks,

remoteip_hook_pre_connection): Reference the filter by handle rather

than name (avoiding tree lookup by name on use).

* modules/metadata/mod_remoteip.c: Fix GCC strict-aliasing warning

by moving deference of header array via a different pointer type

("type-punning") out of line.

Set all read buckets aside in case we need to restore all during optional header processing
* Silence compiler warning
Reinsert attribution to mod_remoteip.c for PROXY protocol
On the trunk:

* mod_remoteip: added cast to fix clang compiler error

Move attribution for mod_remoteip RemoteIPProxyProtocol from file to CHANGES
  1. … 1 more file in changeset.
Shorten RemoteIPProxyProtocolEnable to RemoteIPProxyProtocol and correct references in docs
  1. … 6 more files in changeset.
Merge new PROXY protocol code into mod_remoteip
  1. … 2 more files in changeset.
mod_remoteip: Set useragent port to zero PR59931

When overriding the useragent address from X-Forwarded-For,

zero out what had been initialized as the connection-level port.

Submitted By: Hank Ibell <hwibell gmail.com>

  1. … 1 more file in changeset.
mod_remoteip: Use r->useragent_addr as the root trusted address for verifying.

This fixes issue resulting in setting of bad useragent_ip when internal

redirection has been generated as response to the request (typically as

result of "ErrorDocument 40x").

In this case, the original request has been handled by mod_remoteip and its

useragent_ip has been changed properly, but when internal redirection

to ErrorDocument has been generated later, the mod_remoteip's handler has been

executed again with *the same* c->client_addr as in the original request. If

c->client_addr IP is trusted, this results in bad useragent_ip being set.

When using r->useragent_addr as the root trusted address instead of

c->client_addr, the internal redirection uses the first non-trusted

IP in this particular case, so it won't change the r->useragent_ip during

the internal redirection to ErrorDocument.

Prevent an external proxy from presenting an internal proxy

in mod_remoteip.c. PR 55962.

  1. … 1 more file in changeset.
Use the correct IP addresses to populate the proxy_ips field

in mod_remoteip.c. PR 55972.

  1. … 1 more file in changeset.
Correct the trusted proxy match test in mod_remoteip. PR 54651.\n\nSubmitted By: Yoshinori Ehara <yoshinori ehara gmail com>\nEndorsed By: Eugene L <eugenel amazon com>\nCommited By: mrumph
  1. … 1 more file in changeset.
s/equivalant/equivalent/ in comments
  1. … 1 more file in changeset.
Remove redundant check