Return-Path: 
 <dev-return-38891-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 45083 invoked by uid 500); 12 Aug 2003 21:10:36 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 45068 invoked from network); 12 Aug 2003 21:10:36 -0000
Message-ID: <3F3957BB.3080303@webkist.com>
Date: Tue, 12 Aug 2003 17:10:19 -0400
From: Mike Cramer <cramer@webkist.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: [PATCH] Add CookieIPHeader directive to mod_usertrack (for 1.3)
Content-Type: multipart/mixed;
 boundary="------------060405020301050807060800"
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

This is a multi-part message in MIME format.
--------------060405020301050807060800
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

If apache is running behind a device which masks the client's IP address 
with its own, mod_usertrack will use this IP address as part of its 
cookie_id. Since this is NOT the actual IP address of the client (and 
may in fact be information best kept private), this behavior could be 
less than ideal.

Some devices (including a reverse-proxying Apache instance) set HTTP 
headers which contain the "real" IP address of the request, which might 
be more appropriate for mod_usertrack.

The attached patch adds the "CookieIPHeader" directive which takes as 
its only argument the name of the header containing the IP address to 
use. For example, mod_usertrack could use the IP address passed on my 
another Apache instance's "ProxyPass" with the following directive:

CookieIPHeader X-Forwarded-For

If the specified header doesn't exist or inet_aton() fails to parse it, 
the default value (from r->connection) is used instead. Without the 
directive, apache's behavior is unchanged.

This patch is against the mod_usertrack.c found in 1.3.28.

-- 
Mike Cramer
http://www.webkist.com/

--------------060405020301050807060800
Content-Type: text/plain;
 name="mod_usertrack+CookieIPHeader.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="mod_usertrack+CookieIPHeader.patch"

--- mod_usertrack-orig.c	2003-08-12 14:49:48.000000000 -0400
+++ mod_usertrack.c	2003-08-12 15:51:54.000000000 -0400
@@ -126,6 +126,7 @@
     char *cookie_name;
     char *cookie_domain;
     char *prefix_string;
+    char *cookie_ip_header;
 } cookie_dir_rec;
 
 /* Define this to allow post-2000 cookies. Cookies use two-digit dates,
@@ -161,12 +162,26 @@
 
     long reqtime = (long) r->request_time;
     long clocktime;
+    unsigned long ipaddr = 0;
+    const char *rname = NULL;
 
-    unsigned long ipaddr = ntohl(r->connection->remote_addr.sin_addr.s_addr);
-    const char *rname = ap_get_remote_host(r->connection, r->per_dir_config,
-					   REMOTE_NAME);
     dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
 
+    if (dcfg->cookie_ip_header != NULL) {
+	if (rname = ap_table_get(r->headers_in, dcfg->cookie_ip_header)) {
+            struct in_addr remote_ip_addr;
+            if (inet_aton(rname, &remote_ip_addr))
+	        ipaddr = ntohl(remote_ip_addr.s_addr);
+	}
+    }
+
+    if (ipaddr == 0)
+	ipaddr = ntohl(r->connection->remote_addr.sin_addr.s_addr);
+
+    if (rname == NULL)
+	rname = ap_get_remote_host(r->connection, r->per_dir_config,
+			           REMOTE_NAME);
+
 #if defined(NO_GETTIMEOFDAY) && !defined(NO_TIMES)
 /* We lack gettimeofday(), so we must use time() to obtain the epoch
    seconds, and then times() to obtain CPU clock ticks (milliseconds).
@@ -338,6 +353,7 @@
     dcfg->style = CT_UNSET;
     dcfg->format = CF_NORMAL;
     dcfg->enabled = 0;
+    dcfg->cookie_ip_header = NULL;
     return dcfg;
 }
 
@@ -418,6 +434,14 @@
     return NULL;
 }
 
+static const char *set_cookie_ip(cmd_parms *cmd, void *mconfig, char *name)
+{
+    cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig;
+
+    dcfg->cookie_ip_header = ap_pstrdup(cmd->pool, name);
+    return NULL;
+}
+
 static const char *set_cookie_name(cmd_parms *cmd, void *mconfig, char *name)
 {
     cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig;
@@ -528,6 +552,8 @@
      "'Normal' or 'Compact'"},
     {"CookiePrefix", set_cookie_prefix, NULL, OR_FILEINFO, TAKE1,
      "String prepended to cookie"},
+    {"CookieIPHeader", set_cookie_ip, NULL, OR_FILEINFO, TAKE1,
+     "name of the header to use for client IP"},
     {NULL}
 };
 

--------------060405020301050807060800--