httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: New patch for preventing reverse lookups mod_proxy
Date Mon, 24 Mar 2003 17:29:06 GMT
Federico Mennite wrote:

> as suggested a while back (I've been a bit busy) by members of this list 
> I changed the patch so that mod_proxy respects HostnameLookups when 
> dealing reverse lookups.
> 
> I'm not happy with it tough, because I had to add an API funtcion to the 
> apache core. Since i'm quite new to apache internals here's a question:
> Is there an alternative path to follow? If not, what about an API 
> function similar to ap_get_remote_logname() but that instead of 
> returning a string, works with the same kind of parameters of 
> *ap_proxy_host2addr()?
> 
> Notes:
> - in proxy_util.c/proxy_match_ipaddr(): the call to ap_proxy_host2addr() 
> has been forced to reverse lookups indipendently from configuration 
> settings. Otherwhise when the parameter for NoProxy is an IP address, it 
> wouldn't have the same matching it had previously. I think tough, it 
> could be made configuration dependent.
> - in proxy_util.c/ap_proxy_is_hostname(): the call to 
> ap_proxy_host2addr() has been forced to NOT perform any reverse lookups. 
> It simply doesn't make sense unless I'm missing something.
> - in mod_proxy.c/set_proxy_exclude() and set_cache_exclude(): the calls 
> to ap_proxy_host2addr() depend on configuration. Probably they could be 
> forced to NO reverse lookups.

Has anyone else got opinions on this? Much of the lookup code in proxy 
was left unaltered from when it was originally written, and in theory 
this patch seems sane, though I wouldn't be able to be sure as I didn't 
overhaul this particular code.

So far I am +1 on this.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."


Mime
View raw message