httpd-dev mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: ProxyBlock question
Date Tue, 24 Jul 2012 08:46:12 GMT
On 24.07.2012 10:20, Joe Orton wrote:
> On Tue, Jul 24, 2012 at 07:55:27AM +0000, Plüm, Rüdiger, Vodafone Group wrote:
>> Thanks. The patch reminded me of a special situation where the patch
>> might not be suitable: If the forward proxy just forwards everything
>> to the next proxy e.g. because it cannot do DNS lookups of the target
>> URLs
>
> Exactly my thought.  So in presence of a forward proxy, the "least
> worst" option is probably to omit the DNS lookup and only do the string
> comparison against the ->noproxies list?  Doing a (possibly slow to
> timeout) DNS lookup just in case could impose a horrible performance
> hit.

IMHO if the admin explicitly configured an IP in the ProxyBlock list we
should nevertheless check. For this case there's already a somewhat 
related warning in the docs which we could enhance for this new case.

It looks like we could check whether we have an explicit IP during 
set_proxy_exclude() by comparing new->name and apr_sockaddr_ip_get() of 
new->addr and later do the IP lookup for the target host only for those 
rules where we had an explicit IP.

Not sure whether apr_sockaddr_ip_get() applied to the result of 
apr_sockaddr_info_get() applied to an IP gives back the same IP, e.g. 
when there's IPv4 and v6 involved.

Regards,

Rainer
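
The round-trip doubt raised in the message above, as an added example that is not part of the original message and is not httpd or APR code: it compares the "parse, print back, strcmp" test with a parse-only test on constructed ProxyBlock entries. POSIX inet_pton()/inet_ntop() stand in for the APR calls, and the helper names is_ip_literal() and roundtrip_matches() are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Parse name as IPv4, then IPv6. Returns the address family, or 0 if it is
 * not an IP literal. buf must hold at least sizeof(struct in6_addr) bytes. */
static int parse_literal(const char *name, unsigned char *buf)
{
    if (inet_pton(AF_INET, name, buf) == 1)
        return AF_INET;
    if (inet_pton(AF_INET6, name, buf) == 1)
        return AF_INET6;
    return 0;
}

/* Parse-only test: 1 if the configured text is an IP literal in any spelling. */
int is_ip_literal(const char *name)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return parse_literal(name, buf) != 0;
}

/* Text-comparison test: 1 only if printing the parsed address gives back
 * exactly the configured text. */
int roundtrip_matches(const char *name)
{
    unsigned char buf[sizeof(struct in6_addr)];
    char out[INET6_ADDRSTRLEN];
    int af = parse_literal(name, buf);
    if (af == 0 || inet_ntop(af, buf, out, sizeof(out)) == NULL)
        return 0;
    return strcmp(name, out) == 0;
}

int main(void)
{
    /* Constructed sample entries (documentation address ranges). */
    const char *entries[] = { "192.0.2.10", "2001:db8::1", "2001:DB8::1",
                              "2001:0db8:0:0:0:0:0:1", "example.com" };
    size_t i;
    for (i = 0; i < sizeof(entries) / sizeof(entries[0]); i++)
        printf("%-24s literal=%d roundtrip=%d\n", entries[i],
               is_ip_literal(entries[i]), roundtrip_matches(entries[i]));
    return 0;
}
```

An entry written in a non-canonical IPv6 spelling is an explicit IP but fails the text comparison, so a rule classified that way would be treated as a hostname.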

