mod_rpaf-0.6/0000755000175000001440000000000010736607030012362 5ustar thomasusersmod_rpaf-0.6/t/0000755000175000001440000000000010736607030012625 5ustar thomasusersmod_rpaf-0.6/t/htdocs/0000755000175000001440000000000010736607030014111 5ustar thomasusersmod_rpaf-0.6/t/htdocs/cgi-bin/0000755000175000001440000000000010736607030015421 5ustar thomasusersmod_rpaf-0.6/t/htdocs/cgi-bin/env.cgi0000755000175000001440000000101210722410451016664 0ustar thomasusers
#!/usr/bin/perl
# $Id: env.cgi 13 2007-11-26 00:19:53Z thomas $
#
# Test fixture for the mod_rpaf suite: reports, as text/plain, the CGI
# environment values that the test client compares against its expectations.
# Every value printed here is derived from the incoming request, so this
# script belongs under the test DocumentRoot only.

print qq{Content-Type: text/plain\r\n\r\n};

# One "NAME = value" line per variable; an unset variable prints as empty.
for my $name (qw(HTTP_X_FORWARDED_FOR REMOTE_ADDR HTTP_HOST HTTP_X_REAL_IP)) {
    my $value = defined($ENV{$name}) ? $ENV{$name} : '';
    print qq{$name = $value\n};
}
mod_rpaf-0.6/t/htdocs/index.html0000644000175000001440000000002410736326563016113 0ustar thomasusers test mod_rpaf-0.6/t/run_apache.sh0000755000175000001440000000011210722335433015263 0ustar thomasusers#!/bin/sh ~/build/apache-dev/bin/httpd -d . 
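-f `pwd`/httpd-rpaf.conf -X mod_rpaf-0.6/t/run_test.pl0000755000175000001440000001255410736326563015050 0ustar thomasusers
#!/usr/bin/perl
#
# Client side of the mod_rpaf test suite.  Takes one test case name
# (test1 .. test7) as its only argument, sends requests to the httpd listening
# on 127.0.0.1:2500 and compares what cgi-bin/env.cgi reports with the values
# expected for that server configuration.  Dies on the first mismatch.
use strict;
use warnings;
use Data::Dumper;
use LWP::UserAgent;
use HTTP::Request;

# The client always connects from localhost, which is the only address the
# test configurations list in RPAFproxy_ips.
my $localhost_ip    = '127.0.0.1';
# Address the forwarding header presents as the real client.
my $forward_ip      = '140.211.11.130';
my $x_forwarded_for = "$localhost_ip; $forward_ip";
my $http_host       = "$localhost_ip:2500";
my $x_host          = 'www.apache.org';

my $test = shift || die("Missing a testcase");

# test6 and test7 both run the keep-alive scenario, so both need a client that
# reuses its connection; without keep_alive each request opens a new
# connection and the per-connection restore path is never exercised.
my $ua = ($test eq 'test6' || $test eq 'test7')
    ? LWP::UserAgent->new(keep_alive => 1)
    : LWP::UserAgent->new();

my $request = HTTP::Request->new(GET => 'http://127.0.0.1:2500/cgi-bin/env.cgi');

# test7 reuses the test6 scenario; only the server configuration differs.
my %runner_for = (
    test1 => \&run_test1,
    test2 => \&run_test2,
    test3 => \&run_test3,
    test4 => \&run_test4,
    test5 => \&run_test5,
    test6 => \&run_test6,
    test7 => \&run_test6,
);
$runner_for{$test}->() if exists $runner_for{$test};

sub run_test1 {
    # two tests - one without X-Forwarded-For and one with.
    # REMOTE_ADDR is expected to stay the connecting address in both.
    execute_test($request, { REMOTE_ADDR          => $localhost_ip,
                             HTTP_HOST            => $http_host,
                             HTTP_X_FORWARDED_FOR => '' });
    $request->header('X-Forwarded-For' => $x_forwarded_for);
    execute_test($request, { REMOTE_ADDR          => $localhost_ip,
                             HTTP_HOST            => $http_host,
                             HTTP_X_FORWARDED_FOR => $x_forwarded_for });
    return;
}

sub run_test2 {
    # three tests - one without X-Forwarded-For; one with; and one with X-Host.
    # The Host value is expected to stay untouched in all three.
    execute_test($request, { REMOTE_ADDR          => $localhost_ip,
                             HTTP_HOST            => $http_host,
                             HTTP_X_FORWARDED_FOR => '' });
    $request->header('X-Forwarded-For' => $x_forwarded_for);
    execute_test($request, { REMOTE_ADDR          => $forward_ip,
                             HTTP_HOST            => $http_host,
                             HTTP_X_FORWARDED_FOR => $x_forwarded_for });
    $request->header('X-Host' => $x_host);
    execute_test($request, { REMOTE_ADDR          => $forward_ip,
                             HTTP_HOST            => $http_host,
                             HTTP_X_FORWARDED_FOR => $x_forwarded_for });
    return;
}

sub run_test3 {
    # three tests one without X-Host; one with; and one with X-Forwarded-Host
    $request->header('X-Forwarded-For' => $x_forwarded_for);
    execute_test($request, { REMOTE_ADDR          => $forward_ip,
                             HTTP_HOST            => $http_host,
                             HTTP_X_FORWARDED_FOR => $x_forwarded_for });
    $request->header('X-Host' => $x_host);
    execute_test($request, { REMOTE_ADDR          => $forward_ip,
                             HTTP_HOST            => $x_host,
                             HTTP_X_FORWARDED_FOR => $x_forwarded_for });
    $request->remove_header('X-Host');
    $request->header('X-Forwarded-Host' => $x_host);
    execute_test($request, { REMOTE_ADDR          => $forward_ip,
                             HTTP_HOST            => $x_host,
                             HTTP_X_FORWARDED_FOR => $x_forwarded_for });
    return;
}

sub run_test4 {
    # three tests one without X-Host; one with; and one with X-Forwarded-Host
    $request->header('X-Forwarded-For' => $x_forwarded_for);
    execute_test($request, { REMOTE_ADDR          => $forward_ip,
                             HTTP_HOST            => $http_host,
                             HTTP_X_FORWARDED_FOR => $x_forwarded_for });
    $request->header('X-Host' => $x_host);
    execute_test($request, { REMOTE_ADDR          => $forward_ip,
                             HTTP_HOST            => $x_host,
                             HTTP_X_FORWARDED_FOR => $x_forwarded_for });
    $request->remove_header('X-Host');
    $request->header('X-Forwarded-Host' => $x_host);
    execute_test($request, { REMOTE_ADDR          => $forward_ip,
                             HTTP_HOST            => $x_host,
                             HTTP_X_FORWARDED_FOR => $x_forwarded_for });
    return;
}

sub run_test5 {
    # two tests with X-Real-IP; one without X-Host; one with
    $request->remove_header('X-Forwarded-For');
    $request->header('X-Real-IP' => $x_forwarded_for);
    execute_test($request, { REMOTE_ADDR    => $forward_ip,
                             HTTP_HOST      => $http_host,
                             HTTP_X_REAL_IP => $x_forwarded_for });
    $request->header('X-Host' => $x_host);
    execute_test($request, { REMOTE_ADDR    => $forward_ip,
                             HTTP_HOST      => $x_host,
                             HTTP_X_REAL_IP => $x_forwarded_for });
    return;
}

sub run_test6 {
    # attempt to test keep-alive: three requests on one client, the first two
    # with different forwarded addresses and the last with none.  The outcome
    # is not asserted here; a failed request is only reported.
    print "Testing Keep-Alive\n";
    my $static_request = HTTP::Request->new(GET => 'http://127.0.0.1:2500/index.html');

    print "First using X-F-F: $x_forwarded_for\n";
    $static_request->header('X-Forwarded-For' => $x_forwarded_for);
    my $response = $ua->request($static_request);
    if (!$response->is_success()) {
        print "Something went wrong in requesting file..";
    }

    # Same header shape, but with the octets of the forwarded address reversed.
    my $reverse_xff = "$localhost_ip; " . (join ".", reverse split /\./, $forward_ip);
    print "Then using X-F-F: $reverse_xff\n";
    $static_request->header('X-Forwarded-For' => $reverse_xff);
    $response = $ua->request($static_request);
    if (!$response->is_success()) {
        print "Something went wrong in requesting file..";
    }

    print "Now requesting without X-F-F\n";
    $static_request->remove_header('X-Forwarded-For');
    $response = $ua->request($static_request);
    if (!$response->is_success()) {
        print "Something went wrong in requesting file..";
    }
    print "Done\n";
    return;
}

# Send $request and compare the "NAME = value" lines of the response body with
# the $expected hash reference.  Dies with a dump of the response on the first
# mismatch, or with the HTTP status line when the request itself fails.
sub execute_test {
    my $request  = shift;
    my $expected = shift;

    my $response = $ua->request($request);
    if (!$response->is_success()) {
        # Report the status line; dying with the object itself would only
        # print its reference address.
        die("Request failed: " . $response->status_line() . "\n");
    }

    my $returned = {};
    foreach my $row (split /\n/, $response->content()) {
        # Limit of 2 keeps a value that itself contains " = " in one piece
        # and preserves an empty value as '' rather than undef.
        my ($key, $value) = split / \= /, $row, 2;
        $returned->{$key} = $value;
    }

    # compare with $expected
    foreach my $key (sort keys %$expected) {
        print qq{Expected $key "$expected->{$key}" };
        print qq{Response "$returned->{$key}" } if defined($returned->{$key});
        my $status = (defined($returned->{$key}) && $returned->{$key} eq $expected->{$key})
            ? 'OK'
            : 'NOT OK';
        print qq{$status\n};
        die(Dumper($response)) if $status ne 'OK';
    }

    # Everything looks like it worked
    print qq{*** Test passed ***\n};
    return;
}
mod_rpaf-0.6/httpd-rpaf.conf-template-2.00000644000175000001440000000226010736326563017421 0ustar thomasusersPidFile httpd.pid Listen 2500 ServerName 127.0.0.1 #ServerRoot @@DIR@@ DocumentRoot @@DIR@@/htdocs/ ErrorLog rpaf-error_log LoadModule rpaf_module @@DIR@@/../.libs/mod_rpaf-2.0.so LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so ScriptAlias /cgi-bin @@DIR@@/htdocs/cgi-bin RPAFenable Off RPAFenable On RPAFsethostname Off RPAFproxy_ips 127.0.0.1 RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 RPAFheader X-Forwarded-For RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 RPAFheader X-Real-IP RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 KeepAlive On KeepAliveTimeout 15 LogFormat "%h" rpaf CustomLog rpaf-access_log rpaf RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 KeepAlive On KeepAliveTimeout 15 LogFormat "%h" rpaf CustomLog rpaf-access_log rpaf HostNameLookups On mod_rpaf-0.6/gen_tests.sh0000755000175000001440000000135110730124646014715 0ustar thomasusers#!/bin/sh PATH=$PATH:/home/thomas/build/apache-dev/bin DIRECTORY=`pwd`/t HTTPD=`which httpd` HTTPD2=`which apache2` cat test-Makefile-template | sed -s "s|\@\@HTTPD\@\@|$HTTPD|" | sed -s "s|\@\@HTTPD2\@\@|$HTTPD2|" > t/Makefile if [ "$HTTPD" != "" ]; then echo "Found httpd as $HTTPD" echo "Creating test configuration for apache 1.3.x" echo "in directory $DIRECTORY" cat httpd-rpaf.conf-template | sed -s "s|\@\@DIR\@\@|$DIRECTORY|" > t/httpd-rpaf.conf fi APACHE2=`which apache2` if [ "$APACHE2" != "" ]; then echo "Found apache2 as $HTTPD" echo "Creating test configuration for apache 2.x.x" echo "in directory $DIRECTORY" cat httpd-rpaf.conf-template-2.0 | sed -s 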
"s|\@\@DIR\@\@|$DIRECTORY|" > t/httpd-rpaf.conf-2.0 fi mod_rpaf-0.6/mod_rpaf-2.0.c0000644000175000001440000002266410736327004014624 0ustar thomasusers /* ==================================================================== * Copyright (c) 1995 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * 4. The names "Apache Server" and "Apache Group" must not be used to * endorse or promote products derived from this software without * prior written permission. * * 5. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE APACHE GROUP OR * IT'S CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Group and was originally based * on public domain software written at the National Center for * Supercomputing Applications, University of Illinois, Urbana-Champaign. * For more information on the Apache Group and the Apache HTTP server * project, please see . * */ /* * $Id: mod_rpaf-2.0.c 18 2008-01-01 03:05:40Z thomas $ * * Author: Thomas Eibner, * URL: http://stderr.net/apache/rpaf/ * rpaf is short for reverse proxy add forward * * This module does the opposite of mod_proxy_add_forward written by * Ask Bjørn Hansen. 
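http://develooper.com/code/mpaf/ or mod_proxy
 * in 1.3.25 and above and mod_proxy from Apache 2.0
 *
 */

#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_vhost.h"
#include "apr_strings.h"

module AP_MODULE_DECLARE_DATA rpaf_module;

/* Per-server settings filled in by the RPAF* directives. */
typedef struct {
    int                enable;       /* RPAFenable */
    int                sethostname;  /* RPAFsethostname */
    const char         *headername;  /* RPAFheader; NULL when not configured */
    apr_array_header_t *proxy_ips;   /* RPAFproxy_ips, stored as char * strings */
} rpaf_server_cfg;

/* State handed to rpaf_cleanup() so the connection can be put back. */
typedef struct {
    const char  *old_ip;  /* remote_ip as it was before the rewrite */
    request_rec *r;
} rpaf_cleanup_rec;

/* Create the per-server config with the module disabled and no proxies listed. */
static void *rpaf_create_server_cfg(apr_pool_t *p, server_rec *s) {
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)apr_pcalloc(p, sizeof(rpaf_server_cfg));
    if (!cfg)
        return NULL;

    cfg->proxy_ips = apr_array_make(p, 0, sizeof(char *));
    cfg->enable = 0;
    cfg->sethostname = 0;

    return (void *)cfg;
}

/* RPAFproxy_ips: append one address to the list of peers whose headers are trusted. */
static const char *rpaf_set_proxy_ip(cmd_parms *cmd, void *dummy, const char *proxy_ip) {
    server_rec *s = cmd->server;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config,
                                                                   &rpaf_module);

    /* NOTE(review): no syntax check is performed on the address.  Entries are
     * later compared with strcmp() against remote_ip, so a mistyped or
     * differently written address simply never matches. */
    *(char **)apr_array_push(cfg->proxy_ips) = apr_pstrdup(cmd->pool, proxy_ip);
    return NULL;
}

/* RPAFheader: name of the request header to read the client address from. */
static const char *rpaf_set_headername(cmd_parms *cmd, void *dummy, const char *headername) {
    server_rec *s = cmd->server;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config,
                                                                   &rpaf_module);

    cfg->headername = headername;
    return NULL;
}

/* RPAFenable: switch the module on or off for this server. */
static const char *rpaf_enable(cmd_parms *cmd, void *dummy, int flag) {
    server_rec *s = cmd->server;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config,
                                                                   &rpaf_module);

    cfg->enable = flag;
    return NULL;
}

/* RPAFsethostname: also take the Host value from the forwarded-host headers. */
static const char *rpaf_sethostname(cmd_parms *cmd, void *dummy, int flag) {
    server_rec *s = cmd->server;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config,
                                                                   &rpaf_module);

    cfg->sethostname = flag;
    return NULL;
}

/* Return 1 when remote_ip is string-equal to an entry of proxy_ips, else 0. */
static int is_in_array(const char *remote_ip, apr_array_header_t *proxy_ips) {
    int i;
    char **list = (char **)proxy_ips->elts;

    for (i = 0; i < proxy_ips->nelts; i++) {
        if (strcmp(remote_ip, list[i]) == 0)
            return 1;
    }
    return 0;
}

/*
 * Pool cleanup registered on the request pool: puts the connection's original
 * peer address back, so a later request on the same keep-alive connection
 * starts from the real peer again and is re-checked against RPAFproxy_ips.
 */
static apr_status_t rpaf_cleanup(void *data) {
    rpaf_cleanup_rec *rcr = (rpaf_cleanup_rec *)data;

    /* connection->pool, not r->pool: the string must outlive the request. */
    rcr->r->connection->remote_ip = apr_pstrdup(rcr->r->connection->pool, rcr->old_ip);
    rcr->r->connection->remote_addr->sa.sin.sin_addr.s_addr =
        apr_inet_addr(rcr->r->connection->remote_ip);
    return APR_SUCCESS;
}

/*
 * post_read_request hook.  When the module is enabled and the connecting peer
 * is listed in RPAFproxy_ips, replace the connection's remote address with the
 * last entry of the forwarding header (RPAFheader if configured and present,
 * otherwise X-Forwarded-For).  With RPAFsethostname on, the Host header and
 * r->hostname are also replaced from X-Forwarded-Host or X-Host.
 *
 * Always returns DECLINED so that other post_read_request hooks still run.
 */
static int change_remote_ip(request_rec *r) {
    const char *fwdvalue = NULL;
    const char *client_ip;
    char *val;
    rpaf_cleanup_rec *rcr;
    apr_array_header_t *arr;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(r->server->module_config,
                                                                   &rpaf_module);

    if (!cfg->enable)
        return DECLINED;

    /* The headers are request data; they are only believed when the peer
     * itself is one of the configured proxies. */
    if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) != 1)
        return DECLINED;

    /* check if cfg->headername is set and if it is use
       that instead of X-Forwarded-For by default */
    if (cfg->headername)
        fwdvalue = apr_table_get(r->headers_in, cfg->headername);
    if (!fwdvalue)
        fwdvalue = apr_table_get(r->headers_in, "X-Forwarded-For");
    if (!fwdvalue)
        return DECLINED;

    /* Split the header value into its entries. */
    arr = apr_array_make(r->pool, 0, sizeof(char *));
    while (*fwdvalue && (val = ap_get_token(r->pool, &fwdvalue, 1))) {
        *(char **)apr_array_push(arr) = apr_pstrdup(r->pool, val);
        if (*fwdvalue != '\0')
            ++fwdvalue;
    }

    /* A header that is present but empty yields no entries; indexing
     * nelts - 1 would then read the slot before the array.  Leave the
     * connection untouched in that case. */
    if (arr->nelts == 0)
        return DECLINED;

    /* Only the last entry is used; earlier entries were supplied upstream of
     * the trusted proxy and are not verified here. */
    client_ip = ((char **)arr->elts)[arr->nelts - 1];

    /* An empty last entry (for instance after a trailing separator) is not an
     * address; keep the peer address rather than storing "". */
    if (client_ip[0] == '\0')
        return DECLINED;

    /* Remember the real peer address and arrange for it to be restored when
     * the request pool is destroyed. */
    rcr = (rpaf_cleanup_rec *)apr_pcalloc(r->pool, sizeof(rpaf_cleanup_rec));
    rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->remote_ip);
    rcr->r = r;
    apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup, apr_pool_cleanup_null);

    /* NOTE(review): the entry is stored as text without checking that it is
     * an IP address, only the IPv4 field of the socket address is updated,
     * and the result of apr_inet_addr() is not checked.  Confirm that every
     * consumer of remote_ip (logs, access control) tolerates that. */
    r->connection->remote_ip = apr_pstrdup(r->connection->pool, client_ip);
    r->connection->remote_addr->sa.sin.sin_addr.s_addr =
        apr_inet_addr(r->connection->remote_ip);

    if (cfg->sethostname) {
        /* X-Forwarded-Host: 2.0 proxy frontend or 1.3 => 1.3.25 proxy frontend.
         * X-Host: 1.3 proxy frontend with mod_proxy_add_forward.
         * Either one replaces the Host header and re-runs vhost selection, so
         * the trusted proxy decides which virtual host serves the request. */
        const char *hostvalue = apr_table_get(r->headers_in, "X-Forwarded-Host");
        if (!hostvalue)
            hostvalue = apr_table_get(r->headers_in, "X-Host");
        if (hostvalue) {
            apr_table_set(r->headers_in, "Host", apr_pstrdup(r->pool, hostvalue));
            r->hostname = apr_pstrdup(r->pool, hostvalue);
            ap_update_vhost_from_headers(r);
        }
    }

    return DECLINED;
}

/* Configuration directives; all are server-level (RSRC_CONF). */
static const command_rec rpaf_cmds[] = {
    AP_INIT_FLAG(
                 "RPAFenable",
                 rpaf_enable,
                 NULL,
                 RSRC_CONF,
                 "Enable mod_rpaf"
                 ),
    AP_INIT_FLAG(
                 "RPAFsethostname",
                 rpaf_sethostname,
                 NULL,
                 RSRC_CONF,
                 "Let mod_rpaf set the hostname from X-Host header and update vhosts"
                 ),
    AP_INIT_ITERATE(
                    "RPAFproxy_ips",
                    rpaf_set_proxy_ip,
                    NULL,
                    RSRC_CONF,
                    "IP(s) of Proxy server setting X-Forwarded-For header"
                    ),
    AP_INIT_TAKE1(
                    "RPAFheader",
                    rpaf_set_headername,
                    NULL,
                    RSRC_CONF,
                    "Which header to look for when trying to find the real ip of the client in a proxy setup"
                    ),
    { NULL }
};

/* Run the address rewrite early in post_read_request (APR_HOOK_FIRST). */
static void register_hooks(apr_pool_t *p) {
    ap_hook_post_read_request(change_remote_ip, NULL, NULL, APR_HOOK_FIRST);
}

module AP_MODULE_DECLARE_DATA rpaf_module = {
    STANDARD20_MODULE_STUFF,
    NULL,
    NULL,
    rpaf_create_server_cfg,
    NULL,
    rpaf_cmds,
    register_hooks,
};
mod_rpaf-0.6/test-Makefile-template0000644000175000001440000000644010736576426016632 0ustar thomasusers# Makefile for mod_rpaf.c tests (gmake) # $Id: test-Makefile-template 19 2008-01-02 02:55:18Z thomas $ HTTPD=@@HTTPD@@ -d . -f httpd-rpaf.conf -X HTTPD2=@@HTTPD2@@ -d . -f httpd-rpaf.conf-2.0 -X default: @echo please run make test or make test-2.0 @echo from the root directory of your rpaf sources test: rm -f rpaf-error_log rpaf_access_log @echo running rpaf apache 1.3.x tests @echo test 1 - no rpaf @echo starting apache .. @$(HTTPD) -D test1 & @./run_test.pl test1 @echo stopping apache .. @kill -HUP `cat httpd.pid` @rm httpd.pid @echo test 2 - rpaf enabled @echo starting apache .. @$(HTTPD) -D test2 & @./run_test.pl test2 @echo stopping apache .. 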
@kill -HUP `cat httpd.pid` @rm httpd.pid @echo test 3 - rpaf enabled - sethostname enabled @echo starting apache .. @$(HTTPD) -D test3 & @./run_test.pl test3 @echo stopping apache .. @kill -HUP `cat httpd.pid` @rm httpd.pid @echo test 4 - rpaf enabled - sethostname enabled - specifying header @echo setting X-Forwarded-For @echo starting apache .. @$(HTTPD) -D test4 & @./run_test.pl test4 @echo stopping apache .. @kill -HUP `cat httpd.pid` @rm httpd.pid @echo test 5 - rpaf enabled - sethostname enabled - specifying header @echo setting X-Real-IP @echo starting apache .. @$(HTTPD) -D test5 & @./run_test.pl test5 @echo stopping apache .. @kill -HUP `cat httpd.pid` @rm httpd.pid @echo test 6 - X-Forwarded-For Keep-Alive test @echo starting apache .. @$(HTTPD) -D test6 & @./run_test.pl test6 @echo stopping apache .. @kill -HUP `cat httpd.pid` @rm httpd.pid @echo test 7 - X-Forwarded-For Keep-Alive test with HostNameLookups On @echo starting apache .. @$(HTTPD) -D test7 & @./run_test.pl test7 @echo stopping apache .. @kill -HUP `cat httpd.pid` @rm httpd.pid test-2.0: rm -f rpaf-error_log rpaf-access_log @echo running rpaf apache 2.x.x tests @echo test 1 - no rpaf @echo starting apache .. @$(HTTPD2) -D test1 & @./run_test.pl test1 @echo stopping apache .. @kill -9 `cat httpd.pid` @rm httpd.pid @echo test 2 - rpaf enabled @echo starting apache .. @$(HTTPD2) -D test2 & @./run_test.pl test2 @echo stopping apache .. @kill -9 `cat httpd.pid` @rm httpd.pid @echo test 3 - rpaf enabled - sethostname enabled @echo starting apache .. @$(HTTPD2) -D test3 & @./run_test.pl test3 @echo stopping apache .. @kill -9 `cat httpd.pid` @rm httpd.pid @echo test 4 - rpaf enabled - sethostname enabled - specifying header @echo setting X-Forwarded-For @echo starting apache .. @$(HTTPD2) -D test4 & @./run_test.pl test4 @echo stopping apache .. 
@kill -9 `cat httpd.pid` @rm httpd.pid @echo test 5 - rpaf enabled - sethostname enabled - specifying header @echo setting X-Real-IP @echo starting apache .. @$(HTTPD2) -D test5 & @./run_test.pl test5 @echo stopping apache .. @kill -9 `cat httpd.pid` @rm httpd.pid @echo test 6 - X-Forwarded-For Keep-Alive test @echo starting apache .. @$(HTTPD2) -D test6 & @./run_test.pl test6 @echo stopping apache .. @kill -9 `cat httpd.pid` @rm httpd.pid @echo test 7 - X-Forwarded-For Keep-Alive test with HostNameLookups On @echo starting apache .. @$(HTTPD2) -D test7 & @./run_test.pl test7 @echo stopping apache .. @kill -9 `cat httpd.pid` @rm httpd.pid clean: rm -rf httpd.pid rpaf-access_log rpaf-error_log httpd-rpaf.conf httpd-rpaf.conf-2.0 Makefile mod_rpaf-0.6/CHANGES0000644000175000001440000000136610736606374013375 0ustar thomasusersKeep Alive Problem reported and patched by Christian Schneider Also reported by Hiroyuki OYAMA and Vladimir Klebanov mod_rpaf was incorrectly using r->pool to allocate memory for the ip. The correct pool for this when you are dealing wth keep-alive requests was r->connection->pool. Adding configurable header to work with common Russian setups that use X-Real-Ip instead of X-Forwarded-For. Fixing problems with keep-alive connections reusing the original X-Forwarded-For ip as the 'remote_ip'. Move the `change_remote_ip' handler from being APR_HOOK_MIDDLE to APR_HOOK_FIRST to make the module run before modules like mod_geoip. Thanks to bug reports from Yar Odin Michael Cramer Sridhar Komandur Heddy Boubaker Mitar Sergey Mokryshev Günter Knaf mod_rpaf-0.6/mod_rpaf.c0000644000175000001440000002321210736326563014326 0ustar thomasusers /* ==================================================================== * Copyright (c) 1995 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. 
Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * 4. The names "Apache Server" and "Apache Group" must not be used to * endorse or promote products derived from this software without * prior written permission. * * 5. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR * IT'S CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. 
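* ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Group and was originally based
 * on public domain software written at the National Center for
 * Supercomputing Applications, University of Illinois, Urbana-Champaign.
 * For more information on the Apache Group and the Apache HTTP server
 * project, please see .
 *
 */

/*
 * $Id: mod_rpaf.c 17 2008-01-01 03:03:15Z thomas $
 *
 * Author: Thomas Eibner,
 * URL: http://stderr.net/apache/rpaf/
 * rpaf is short for reverse proxy add forward
 *
 * This module does the opposite of mod_proxy_add_forward written by
 * Ask Bjørn Hansen. http://develooper.com/code/mpaf/ or mod_proxy
 * in 1.3.25 and above and mod_proxy from Apache 2.0
 *
 */

#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_vhost.h"

module MODULE_VAR_EXPORT rpaf_module;

/* Per-server settings filled in by the RPAF* directives. */
typedef struct {
    int          enable;       /* RPAFenable */
    int          sethostname;  /* RPAFsethostname */
    const char   *headername;  /* RPAFheader; NULL when not configured */
    array_header *proxy_ips;   /* RPAFproxy_ips, stored as char * strings */
} rpaf_server_cfg;

/* State handed to rpaf_cleanup() so the connection can be put back. */
typedef struct {
    const char  *old_ip;  /* remote_ip as it was before the rewrite */
    request_rec *r;
} rpaf_cleanup_rec;

/* Create the per-server config with the module disabled and no proxies listed. */
static void *rpaf_create_server_cfg(pool *p, server_rec *s) {
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_pcalloc(p, sizeof(rpaf_server_cfg));
    if (!cfg)
        return NULL;

    cfg->proxy_ips = ap_make_array(p, 0, sizeof(char *));
    cfg->enable = 0;
    cfg->sethostname = 0;

    return (void *)cfg;
}

/* RPAFproxy_ips: append one address to the list of peers whose headers are trusted. */
static const char *rpaf_set_proxy_ip(cmd_parms *cmd, void *dummy, char *proxy_ip) {
    server_rec *s = cmd->server;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config,
                                                                   &rpaf_module);

    /* NOTE(review): no syntax check is performed on the address.  Entries are
     * later compared with strcmp() against remote_ip, so a mistyped or
     * differently written address simply never matches. */
    *(char **)ap_push_array(cfg->proxy_ips) = ap_pstrdup(cmd->pool, proxy_ip);
    return NULL;
}

/* RPAFheader: name of the request header to read the client address from. */
static const char *rpaf_set_headername(cmd_parms *cmd, void *dummy, char *headername) {
    server_rec *s = cmd->server;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config,
                                                                   &rpaf_module);

    cfg->headername = headername;
    return NULL;
}

/* RPAFenable: switch the module on or off for this server. */
static const char *rpaf_enable(cmd_parms *cmd, void *dummy, int flag) {
    server_rec *s = cmd->server;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config,
                                                                   &rpaf_module);

    cfg->enable = flag;
    return NULL;
}

/* RPAFsethostname: also take the Host value from the forwarded-host headers. */
static const char *rpaf_sethostname(cmd_parms *cmd, void *dummy, int flag) {
    server_rec *s = cmd->server;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config,
                                                                   &rpaf_module);

    cfg->sethostname = flag;
    return NULL;
}

/* Return 1 when remote_ip is string-equal to an entry of proxy_ips, else 0. */
static int is_in_array(const char *remote_ip, array_header *proxy_ips) {
    int i;
    char **list = (char **)proxy_ips->elts;

    for (i = 0; i < proxy_ips->nelts; i++) {
        if (strcmp(remote_ip, list[i]) == 0)
            return 1;
    }
    return 0;
}

/*
 * Pool cleanup registered on the request pool: puts the connection's original
 * peer address back, so a later request on the same keep-alive connection
 * starts from the real peer again and is re-checked against RPAFproxy_ips.
 */
static void rpaf_cleanup(void *data) {
    rpaf_cleanup_rec *rcr = (rpaf_cleanup_rec *)data;

    /* connection->pool, not r->pool: the string must outlive the request. */
    rcr->r->connection->remote_ip = ap_pstrdup(rcr->r->connection->pool, rcr->old_ip);
    rcr->r->connection->remote_addr.sin_addr.s_addr =
        inet_addr(rcr->r->connection->remote_ip);
}

/*
 * post read-request handler.  When the module is enabled and the connecting
 * peer is listed in RPAFproxy_ips, replace the connection's remote address
 * with the last entry of the forwarding header (RPAFheader if configured and
 * present, otherwise X-Forwarded-For).  With RPAFsethostname on, the Host
 * header and r->hostname are also replaced from X-Forwarded-Host or X-Host.
 *
 * Always returns DECLINED so that other post read-request handlers still run.
 */
static int change_remote_ip(request_rec *r) {
    const char *fwdvalue = NULL;
    const char *client_ip;
    char *val;
    rpaf_cleanup_rec *rcr;
    array_header *arr;
    rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(r->server->module_config,
                                                                   &rpaf_module);

    if (!cfg->enable)
        return DECLINED;

    /* The headers are request data; they are only believed when the peer
     * itself is one of the configured proxies. */
    if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) != 1)
        return DECLINED;

    /* check if cfg->headername is set and if it is use
       that instead of X-Forwarded-For by default */
    if (cfg->headername)
        fwdvalue = ap_table_get(r->headers_in, cfg->headername);
    if (!fwdvalue)
        fwdvalue = ap_table_get(r->headers_in, "X-Forwarded-For");
    if (!fwdvalue)
        return DECLINED;

    /* Split the header value into its entries. */
    arr = ap_make_array(r->pool, 0, sizeof(char *));
    while (*fwdvalue && (val = ap_get_token(r->pool, &fwdvalue, 1))) {
        *(char **)ap_push_array(arr) = ap_pstrdup(r->pool, val);
        if (*fwdvalue != '\0')
            ++fwdvalue;
    }

    /* A header that is present but empty yields no entries; indexing
     * nelts - 1 would then read the slot before the array.  Leave the
     * connection untouched in that case. */
    if (arr->nelts == 0)
        return DECLINED;

    /* Only the last entry is used; earlier entries were supplied upstream of
     * the trusted proxy and are not verified here. */
    client_ip = ((char **)arr->elts)[arr->nelts - 1];

    /* An empty last entry (for instance after a trailing separator) is not an
     * address; keep the peer address rather than storing "". */
    if (client_ip[0] == '\0')
        return DECLINED;

    /* Remember the real peer address and arrange for it to be restored when
     * the request pool is destroyed. */
    rcr = (rpaf_cleanup_rec *)ap_pcalloc(r->pool, sizeof(rpaf_cleanup_rec));
    rcr->old_ip = ap_pstrdup(r->connection->pool, r->connection->remote_ip);
    rcr->r = r;
    ap_register_cleanup(r->pool, (void *)rcr, rpaf_cleanup, ap_null_cleanup);

    /* NOTE(review): the entry is stored as text without checking that it is
     * an IP address, and the result of inet_addr() is not checked.  Confirm
     * that every consumer of remote_ip (logs, access control) tolerates
     * that. */
    r->connection->remote_ip = ap_pstrdup(r->connection->pool, client_ip);
    r->connection->remote_addr.sin_addr.s_addr = inet_addr(r->connection->remote_ip);

    if (cfg->sethostname) {
        /* X-Forwarded-Host: 2.0 proxy frontend or 1.3 => 1.3.25 proxy frontend.
         * X-Host: 1.3 proxy frontend with mod_proxy_add_forward.
         * Either one replaces the Host header and re-runs vhost selection, so
         * the trusted proxy decides which virtual host serves the request. */
        const char *hostvalue = ap_table_get(r->headers_in, "X-Forwarded-Host");
        if (!hostvalue)
            hostvalue = ap_table_get(r->headers_in, "X-Host");
        if (hostvalue) {
            ap_table_set(r->headers_in, "Host", ap_pstrdup(r->pool, hostvalue));
            r->hostname = ap_pstrdup(r->pool, hostvalue);
            ap_update_vhost_from_headers(r);
        }
    }

    return DECLINED;
}

/* Configuration directives; all are server-level (RSRC_CONF). */
static command_rec rpaf_cmds[] = {
    { "RPAFenable", rpaf_enable, NULL,
      RSRC_CONF, FLAG, "Enable mod_rpaf" },
    { "RPAFsethostname", rpaf_sethostname, NULL,
      RSRC_CONF, FLAG, "Let mod_rpaf set the hostname from the X-Host header and update vhosts" },
    { "RPAFproxy_ips", rpaf_set_proxy_ip, NULL,
      RSRC_CONF, ITERATE, "IP(s) of Proxy server setting X-Forwarded-For header" },
    { "RPAFheader", rpaf_set_headername, NULL,
      RSRC_CONF, TAKE1, "Which header to look for when trying to find the real ip of the client in a proxy setup" },
    { NULL }
};

module MODULE_VAR_EXPORT rpaf_module = {
    STANDARD_MODULE_STUFF,
    NULL,                              /* initializer */
    NULL,                              /* dir config creator */
    NULL,                              /* dir config merger */
    rpaf_create_server_cfg,            /* server config */
    NULL,                              /* merge server config */
    rpaf_cmds,                         /* command table */
    NULL,                              /* handlers */
    NULL,                              /* filename translation */
    NULL,                              /* check_user_id */
    NULL,                              /* check auth */
    NULL,                              /* check access */
    NULL,                              /* type_checker */
    NULL,                              /* fixups */
    NULL,                              /* logger */
    NULL,                              /* header parser */
    NULL,                              /* child_init */
    NULL,                              /* child_exit */
    change_remote_ip                   /* post read-request */
};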
mod_rpaf-0.6/Makefile0000644000175000001440000000247610730124646014034 0ustar thomasusers# Makefile for mod_rpaf.c (gmake) # $Id: Makefile 16 2007-12-13 03:40:22Z thomas $ APXS=$(shell which apxs) APXS2=$(shell which apxs2) default: @echo mod_rpaf: @echo nevest version available at http://stderr.net/apache/rpaf/ @echo @echo following options available: @echo \"make rpaf\" to compile the 1.3 version @echo \"make test\" to test 1.3 version @echo \"make install\" to install the 1.3 version @echo \"make rpaf-2.0\" to compile the 2.0 version @echo \"make test-2.0\" to test 2.0 version @echo \"make install-2.0\" to install the 2.0 version @echo @echo change path to apxs if this is not it: \"$(APXS)\" rpaf: mod_rpaf.so @echo make done @echo type \"make test\" to test mod_rpaf @echo type \"make install\" to install mod_rpaf test: rpaf @./gen_tests.sh cd t && $(MAKE) test @echo all done rpaf-2.0: mod_rpaf-2.0.o @echo make done, type \"make install-2.0\" to install mod_rpaf-2.0 test-2.0: rpaf-2.0 @./gen_tests.sh cd t && make test-2.0 mod_rpaf.so: mod_rpaf.c $(APXS) -c -o $@ mod_rpaf.c mod_rpaf.c: mod_rpaf-2.0.o: mod_rpaf-2.0.c $(APXS2) -c -n $@ mod_rpaf-2.0.c mod_rpaf-2.0.c: install: mod_rpaf.so $(APXS) -i -n mod_rpaf mod_rpaf.so install-2.0: mod_rpaf-2.0.o $(APXS2) -i -n mod_rpaf-2.0.so mod_rpaf-2.0.la clean: rm -rf *~ *.o *.so *.lo *.la *.slo *.loT .libs/ cd t && make clean mod_rpaf-0.6/README0000644000175000001440000000157010722424427013247 0ustar thomasusersmod_rpaf - reverse proxy add forward This module does the opposite of mod_proxy_add_forward written by Ask Bjørn Hansen. 
http://develooper.com/code/mpaf/

Compile and Install for 1.3:
    apxs -i -a -c mod_rpaf.c

Compile and Install for 2.0:
    apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

or simply try:
    make

Configuration Directives:

    RPAFenable      On
    # Enable reverse proxy add forward

    RPAFproxy_ips   127.0.0.1 10.0.0.1
    # which ips are forwarding requests to us; the forwarding headers are
    # only honoured on connections coming from these addresses

    RPAFsethostname On
    # let rpaf update vhost settings
    # allows you to have the same hostnames as in the "real"
    # configuration for the forwarding Apache

    RPAFheader      X-Forwarded-For
    # Allows you to change which header mod_rpaf looks
    # for when trying to find the ip that is forwarding
    # our requests

Author: Thomas Eibner
License: Apache License
Latest version available from: http://stderr.net/apache/rpaf/
mod_rpaf-0.6/httpd-rpaf.conf-template0000644000175000001440000000212010736326563017119 0ustar thomasusersServerType standalone PidFile httpd.pid Port 2500 ServerName 127.0.0.1 #ServerRoot @@DIR@@ DocumentRoot @@DIR@@/htdocs/ ErrorLog rpaf-error_log LoadModule rpaf_module ../mod_rpaf.so ScriptAlias /cgi-bin @@DIR@@/htdocs/cgi-bin TypesConfig /dev/null RPAFenable Off RPAFenable On RPAFsethostname Off RPAFproxy_ips 127.0.0.1 RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 RPAFheader X-Forwarded-For RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 RPAFheader X-Real-IP RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 KeepAlive On KeepAlivetimeout 15 LogFormat "%h" rpaf CustomLog rpaf-access_log rpaf RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 KeepAlive On KeepAlivetimeout 15 LogFormat "%h" rpaf CustomLog rpaf-access_log rpaf HostNameLookups On