httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r756567 - in /httpd/sandbox/mod_remoteip: README mod_remoteip.c
Date Fri, 20 Mar 2009 16:19:37 GMT
Author: wrowe
Date: Fri Mar 20 16:19:37 2009
New Revision: 756567

URL: http://svn.apache.org/viewvc?rev=756567&view=rev
Log:
Add support for hostname as a Trusted or Internal Proxy (even subnetted) entry

Modified:
    httpd/sandbox/mod_remoteip/README
    httpd/sandbox/mod_remoteip/mod_remoteip.c

Modified: httpd/sandbox/mod_remoteip/README
URL: http://svn.apache.org/viewvc/httpd/sandbox/mod_remoteip/README?rev=756567&r1=756566&r2=756567&view=diff
==============================================================================
--- httpd/sandbox/mod_remoteip/README (original)
+++ httpd/sandbox/mod_remoteip/README Fri Mar 20 16:19:37 2009
@@ -66,7 +66,7 @@
 trusted internal proxies, specify one or more IP's (or IP prefixes such as
 the pattern "10.", or IP with /subnet bits) using any combination of;
 
-  RemoteIPTrustedProxy [IP|IP/subnet]...
+  RemoteIPInternalProxy [IP|IP/subnet|hostname]...
   RemoteIPInternalProxyList filename
 
 where the filename contains entries, one or more per line, of IP, IP/subnet
@@ -78,7 +78,7 @@
 
  * http://meta.wikimedia.org/wiki/XFF_project
 
-  RemoteIPTrustedProxy [IP|IP/subnet]...
+  RemoteIPTrustedProxy [IP|IP/subnet|hostname]...
   RemoteIPTrustedProxyList filename
 
 The Proxy/ProxyList directives should accept hostnames, although these then
@@ -129,4 +129,4 @@
     evaluation of trusted proxies.  [Should this trigger a configure time
     or run time warning?]
 
- 
\ No newline at end of file
+ 

Modified: httpd/sandbox/mod_remoteip/mod_remoteip.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/mod_remoteip/mod_remoteip.c?rev=756567&r1=756566&r2=756567&view=diff
==============================================================================
--- httpd/sandbox/mod_remoteip/mod_remoteip.c (original)
+++ httpd/sandbox/mod_remoteip/mod_remoteip.c Fri Mar 20 16:19:37 2009
@@ -22,6 +22,7 @@
 #include "http_protocol.h"
 #include "http_log.h"
 #include "apr_strings.h"
+#include "apr_lib.h"
 #define APR_WANT_BYTEFUNC
 #include "apr_want.h"
 #include "apr_network_io.h"
@@ -111,27 +112,48 @@
     return NULL;
 }
 
+/* Would be quite nice if APR exported this */
+static int looks_like_ip(const char *ipstr)
+{
+    if (ap_strchr_c(ipstr, ':')) {
+        /* definitely not a hostname; assume it is intended to be an IPv6 address */
+        return 1;
+    }
+
+    /* simple IPv4 address string check */
+    while ((*ipstr == '.') || apr_isdigit(*ipstr))
+        ipstr++;
+    return (*ipstr == '\0');
+}
+
 static const char *proxies_set(cmd_parms *cmd, void *internal,
                                const char *arg)
 {
     remoteip_config_t *config = ap_get_module_config(cmd->server->module_config,
                                                      &remoteip_module);
     remoteip_proxymatch_t *match;
+    apr_status_t rv;
     char *ip = apr_pstrdup(cmd->temp_pool, arg);
     char *s = ap_strchr(ip, '/');
-    apr_status_t rv;
+    if (s)
+        *s++ = '\0';
 
     if (!config->proxymatch_ip)
         config->proxymatch_ip = apr_array_make(cmd->pool, 1, sizeof(*match));
     match = (remoteip_proxymatch_t *) apr_array_push(config->proxymatch_ip);
 
-    if (s) {
-        *s++ = '\0';
-        rv = apr_ipsubnet_create(&match->ip, ip, s, cmd->pool);
+    if (!looks_like_ip(ip)) {
+        apr_sockaddr_t *temp_sa;
+        rv = apr_sockaddr_info_get(&temp_sa,  ip, APR_UNSPEC, 0,
+                                   APR_IPV4_ADDR_OK, cmd->temp_pool);
+        if (rv == APR_SUCCESS) 
+            apr_sockaddr_ip_get(&ip, temp_sa);
     }
-    else {
+
+    if (s)
+        rv = apr_ipsubnet_create(&match->ip, ip, s, cmd->pool);
+    else
         rv = apr_ipsubnet_create(&match->ip, ip, NULL, cmd->pool);
-    }
 
     if (rv != APR_SUCCESS) {
         char msgbuf[128];



Mime
View raw message