Subject: svn commit: r1806985 - in /httpd/httpd/trunk: docs/manual/mod/mod_remoteip.xml modules/metadata/mod_remoteip.c
Date: Fri, 01 Sep 2017 15:41:20 -0000
To: cvs@httpd.apache.org
From: mrumph@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20170901154120.DEF6C3A0098@svn01-us-west.apache.org> archived-at: Fri, 01 Sep 2017 15:41:23 -0000 Author: mrumph Date: Fri Sep 1 15:41:20 2017 New Revision: 1806985 URL: http://svn.apache.org/viewvc?rev=1806985&view=rev Log: PROXY protocol proposal corrections Modified: httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml httpd/httpd/trunk/modules/metadata/mod_remoteip.c Modified: httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml?rev=1806985&r1=1806984&r2=1806985&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml Fri Sep 1 15:41:20 2017 @@ -65,7 +65,7 @@ via the request headers. mod_authz_host mod_status mod_log_config -Proxy Protocol Spec +Proxy Protocol Spec
Remote IP Processing @@ -227,25 +227,25 @@ RemoteIPProxiesHeader X-Forwarded-By RemoteIPProxyProtocol On|Off server configvirtual host -RemoteIPProxyProtocol is only available in httpd 2.4.26 and newer +RemoteIPProxyProtocol is only available in httpd 2.4.28 and newer

The RemoteIPProxyProtocol directive enables or disables the reading and handling of the PROXY protocol connection header. If enabled with the On flag, the upstream client must send the header every time it opens a connection or the connection will - be aborted unless it is in the list of disabled hosts provided by RemoteIPProxyProtocolExceptions + be aborted unless it is in the list of disabled hosts provided by the + RemoteIPProxyProtocolExceptions directive.

While this directive may be specified in any virtual host, it is important to understand that because the PROXY protocol is connection based and protocol agnostic, the enabling and disabling is actually based - on ip-address and port. This means that if you have multiple name-based - virtual hosts for the same host and port, and you enable it any one of - them, then it is enabled for all them (with that host and port). It also + on IP address and port. This means that if you have multiple name-based + virtual hosts for the same host and port, and you enable it for any one of + them, then it is enabled for all of them (with that host and port). It also means that if you attempt to enable the PROXY protocol in one and disable - in the other, that won't work; in such a case the last one wins and a + in the other, that won't work; in such a case, the last one wins and a notice will be logged indicating which setting was being overridden.

@@ -280,7 +280,7 @@ Listen 8080 RemoteIPProxyProtocolExceptions host|range [host|range] [host|range] server configvirtual host -RemoteIPProxyProtocolExceptions is only available in httpd 2.4.26 and newer +RemoteIPProxyProtocolExceptions is only available in httpd 2.4.28 and newer

The RemoteIPProxyProtocol directive enables or Modified: httpd/httpd/trunk/modules/metadata/mod_remoteip.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/metadata/mod_remoteip.c?rev=1806985&r1=1806984&r2=1806985&view=diff ============================================================================== --- httpd/httpd/trunk/modules/metadata/mod_remoteip.c (original) +++ httpd/httpd/trunk/modules/metadata/mod_remoteip.c Fri Sep 1 15:41:20 2017 @@ -133,11 +133,10 @@ typedef struct { int version; ap_input_mode_t mode; apr_bucket_brigade *bb; - int peeking; int done; } remoteip_filter_context; -/** Holds the resolved proxy info for this connection and any addition +/** Holds the resolved proxy info for this connection and any additional configurable parameters */ typedef struct { @@ -309,13 +308,13 @@ static const char *proxylist_read(cmd_pa return NULL; } -/** Similar apr_sockaddr_equal, except that it compares ports too. */ +/** Similar to apr_sockaddr_equal, except that it compares ports too. */ static int remoteip_sockaddr_equal(apr_sockaddr_t *addr1, apr_sockaddr_t *addr2) { return (addr1->port == addr2->port && apr_sockaddr_equal(addr1, addr2)); } -/** Similar remoteip_sockaddr_equal, except that it handles wildcard addresses +/** Similar to remoteip_sockaddr_equal, except that it handles wildcard addresses * and ports too. */ static int remoteip_sockaddr_compat(apr_sockaddr_t *addr1, apr_sockaddr_t *addr2) @@ -793,8 +792,7 @@ static remoteip_parse_status_t remoteip_ valid_addr_chars = "0123456789abcdefABCDEF:"; #else ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(03498) - "RemoteIPProxyProtocol: Unable to parse v6 address - APR is not compiled with IPv6 support", - word, hdr->v1.line); + "RemoteIPProxyProtocol: Unable to parse v6 address - APR is not compiled with IPv6 support"); return HDR_ERROR; #endif } 
@@ -1190,7 +1188,7 @@ static const command_rec remoteip_cmds[] "The filename to read the list of internal proxies, " "see the RemoteIPInternalProxy directive"), AP_INIT_FLAG("RemoteIPProxyProtocol", remoteip_enable_proxy_protocol, NULL, - RSRC_CONF, "Enable PROXY protocol handling (`on', `off')"), + RSRC_CONF, "Enable PROXY protocol handling ('on', 'off')"), AP_INIT_TAKE_ARGV("RemoteIPProxyProtocolExceptions", remoteip_disable_networks, NULL, RSRC_CONF, "Disable PROXY " "protocol handling for this list of networks in CIDR format"),
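Review bot: In the mod_remoteip.xml hunk at @@ -227,25 +227,25 @@, the reworded sentence "the upstream client must send the header every time it opens a connection or the connection will be aborted unless it is in the list of disabled hosts" still leaves "it" ambiguous between the client and the connection. Since this sentence defines when a connection without a PROXY header is accepted, it would read more safely as two sentences: one stating that a connection without the header is aborted, and one stating that clients listed in RemoteIPProxyProtocolExceptions are exempt.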
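Review bot: In the mod_remoteip.xml hunk at @@ -280,7 +280,7 @@, the context line right after the changed compatibility note begins "The RemoteIPProxyProtocol directive enables or", although this block documents RemoteIPProxyProtocolExceptions. If that line is the opening of the Exceptions usage text, it should name RemoteIPProxyProtocolExceptions; this is worth fixing in the same pass as the 2.4.26 to 2.4.28 version correction.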
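Review bot: In the mod_remoteip.c hunk at @@ -133,11 +133,10 @@, the field "int peeking;" is removed from remoteip_filter_context, but no other hunk in this diff touches a read or write of that field, and the log message "PROXY protocol proposal corrections" does not mention it. Please confirm the member was already unused throughout the filter code, and consider naming the removal in the commit log so it is not mistaken for a comment-only change.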
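Review bot: In the mod_remoteip.c hunk at @@ -793,8 +792,7 @@, the removed arguments "word, hdr->v1.line" had no matching conversion specifiers in the APLOGNO(03498) format string, so dropping them is correct, but this is a code fix that the commit log does not mention. The other ap_log_cerror calls in the same header-parsing function are worth checking for the same argument and format mismatch, because a call with a specifier but no argument would be a real defect rather than a harmless extra.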
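Review bot: In the mod_remoteip.c hunk at @@ -1190,7 +1188,7 @@, the quoting fix on the RemoteIPProxyProtocol help string leaves the neighbouring RemoteIPProxyProtocolExceptions help text saying "this list of networks in CIDR format", while the documentation changed in this same commit gives the syntax as "host|range [host|range] [host|range]". The two descriptions should agree on what the directive accepts, since an operator relying on the help text could write an exception list that does not match what they intended to exempt.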