Subject: svn commit: r756567 - in /httpd/sandbox/mod_remoteip: README mod_remoteip.c
Date: Fri, 20 Mar 2009 16:19:37 -0000
To: cvs@httpd.apache.org
From: wrowe@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090320161937.F2B41238898E@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: wrowe Date: Fri Mar 20 16:19:37 2009 New Revision: 756567 URL: http://svn.apache.org/viewvc?rev=756567&view=rev Log: Add support for hostname as a Trusted or Internal Proxy (even subnetted) entry Modified: httpd/sandbox/mod_remoteip/README httpd/sandbox/mod_remoteip/mod_remoteip.c Modified: httpd/sandbox/mod_remoteip/README URL: http://svn.apache.org/viewvc/httpd/sandbox/mod_remoteip/README?rev=756567&r1=756566&r2=756567&view=diff ============================================================================== --- httpd/sandbox/mod_remoteip/README (original) +++ httpd/sandbox/mod_remoteip/README Fri Mar 20 16:19:37 2009 @@ -66,7 +66,7 @@ trusted internal proxies, specify one or more IP's (or IP prefixes such as the pattern "10.", or IP with /subnet bits) using any combination of; - RemoteIPTrustedProxy [IP|IP/subnet]... + RemoteIPInternalProxy [IP|IP/subnet|hostname]... RemoteIPInternalProxyList filename where the filename contains entries, one or more per line, of IP, IP/subnet @@ -78,7 +78,7 @@ * http://meta.wikimedia.org/wiki/XFF_project - RemoteIPTrustedProxy [IP|IP/subnet]... + RemoteIPTrustedProxy [IP|IP/subnet|hostname]... RemoteIPTrustedProxyList filename The Proxy/ProxyList directives should accept hostnames, although these then @@ -129,4 +129,4 @@ evaluation of trusted proxies. [Should this trigger a configure time or run time warning?] - \ No newline at end of file + Modified: httpd/sandbox/mod_remoteip/mod_remoteip.c URL: http://svn.apache.org/viewvc/httpd/sandbox/mod_remoteip/mod_remoteip.c?rev=756567&r1=756566&r2=756567&view=diff ============================================================================== --- httpd/sandbox/mod_remoteip/mod_remoteip.c (original) +++ httpd/sandbox/mod_remoteip/mod_remoteip.c Fri Mar 20 16:19:37 2009 
@@ -22,6 +22,7 @@ #include "http_protocol.h" #include "http_log.h" #include "apr_strings.h" +#include "apr_lib.h" #define APR_WANT_BYTEFUNC #include "apr_want.h" #include "apr_network_io.h" @@ -111,27 +112,48 @@ return NULL; } +/* Would be quite nice if APR exported this */ +static int looks_like_ip(const char *ipstr) +{ + if (ap_strchr_c(ipstr, ':')) { + /* definitely not a hostname; assume it is intended to be an IPv6 address */ + return 1; + } + + /* simple IPv4 address string check */ + while ((*ipstr == '.') || apr_isdigit(*ipstr)) + ipstr++; + return (*ipstr == '\0'); +} + static const char *proxies_set(cmd_parms *cmd, void *internal, const char *arg) { remoteip_config_t *config = ap_get_module_config(cmd->server->module_config, &remoteip_module); remoteip_proxymatch_t *match; + apr_status_t rv; char *ip = apr_pstrdup(cmd->temp_pool, arg); char *s = ap_strchr(ip, '/'); - apr_status_t rv; + if (s) + *s++ = '\0'; if (!config->proxymatch_ip) config->proxymatch_ip = apr_array_make(cmd->pool, 1, sizeof(*match)); match = (remoteip_proxymatch_t *) apr_array_push(config->proxymatch_ip); - if (s) { - *s++ = '\0'; - rv = apr_ipsubnet_create(&match->ip, ip, s, cmd->pool); + if (!looks_like_ip(ip)) { + apr_sockaddr_t *temp_sa; + rv = apr_sockaddr_info_get(&temp_sa, ip, APR_UNSPEC, 0, + APR_IPV4_ADDR_OK, cmd->temp_pool); + if (rv == APR_SUCCESS) + apr_sockaddr_ip_get(&ip, temp_sa); } - else { + + if (s) + rv = apr_ipsubnet_create(&match->ip, ip, s, cmd->pool); + else rv = apr_ipsubnet_create(&match->ip, ip, NULL, cmd->pool); - } if (rv != APR_SUCCESS) { char msgbuf[128];
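Review bot: In the README hunk at @@ -66,7 +66,7 @@, the sentence just above the changed line still describes the accepted values as "one or more IP's (or IP prefixes such as the pattern "10.", or IP with /subnet bits)", so the new hostname form is documented only in the syntax line. Suggest adding hostnames to that sentence and stating that the name is resolved when the directive is parsed, since the lookup happens inside the proxies_set directive handler. The same line also renames the directive from RemoteIPTrustedProxy to RemoteIPInternalProxy, which the log message does not mention; worth a word there because it is a separate documentation fix.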
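Review bot: In the README hunk at @@ -78,7 +78,7 @@, the unchanged context line "The Proxy/ProxyList directives should accept hostnames" now reads as a stale to-do next to a syntax line that already advertises hostname. Suggest rewording it to describe what the directives do as of this revision, and saying explicitly whether entries in the RemoteIPTrustedProxyList and RemoteIPInternalProxyList files get the same hostname handling, because the visible code change only touches proxies_set.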
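Review bot: In the proxies_set hunk of mod_remoteip.c (@@ -111,27 +112,48 @@), a failed apr_sockaddr_info_get() is not acted on: rv is overwritten by the apr_ipsubnet_create() call that follows, which is then handed the unresolved hostname, so the resolver error is lost and the administrator sees whatever apr_ipsubnet_create() reports for a non-IP string. Suggest skipping apr_ipsubnet_create() and going straight to the "rv != APR_SUCCESS" reporting when resolution fails. In the same block, "apr_sockaddr_ip_get(&ip, temp_sa);" uses only the first returned address, never walks temp_sa->next, and ignores its own return value, so a proxy hostname that resolves to several addresses is trusted on one of them only. Either push one match entry per returned address or state the limit in the README, since a silently partial trust list is hard to diagnose from the forwarded-address behaviour alone.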