From 5c671fc2eadf8c118b8a7e15fe857bf9d300ac83 Mon Sep 17 00:00:00 2001 From: Joey Date: Tue, 21 Jul 2015 02:03:38 +0100 Subject: [PATCH 1/4] Apply 2.4.16 changes. Apply patch from original pull request. Small fixes. See: https://github.com/ttkzw/mod_remoteip-httpd22/pull/1 --- mod_remoteip.c | 63 +++++++++++++++++++++++++++++++++----------------- 1 file changed, 42 insertions(+), 21 deletions(-) diff --git a/mod_remoteip.c b/mod_remoteip.c index f58098d..1b4df32 100644 --- a/mod_remoteip.c +++ b/mod_remoteip.c @@ -37,11 +37,17 @@ typedef struct { } remoteip_proxymatch_t; typedef struct { - /** The header to retrieve a proxy-via ip list */ + conn_rec *conn; + apr_sockaddr_t *remote_addr; + char *remote_ip; +} remoteip_cleanup_rec_t; + +typedef struct { + /** The header to retrieve a proxy-via IP list */ const char *header_name; /** A header to record the proxied IP's * (removed as the physical connection and - * from the proxy-via ip header value list) + * from the proxy-via IP header value list) */ const char *proxies_header_name; /** A list of trusted proxies, ideally configured @@ -51,11 +57,11 @@ typedef struct { } remoteip_config_t; typedef struct { - apr_sockaddr_t *remote_addr; - char *remote_ip; - /** The list of proxy ip's ignored as remote ip's */ + apr_sockaddr_t *useragent_addr; + char *useragent_ip; + /** The list of proxy IP's ignored as remote IP's */ const char *proxy_ips; - /** The remaining list of untrusted proxied remote ip's */ + /** The remaining list of untrusted proxied remote IP's */ const char *proxied_remote; } remoteip_req_t; @@ -170,7 +176,7 @@ static const char *proxies_set(cmd_parms *cmd, void *cfg, } if (rv != APR_SUCCESS) { - char msgbuf[128]; + char msgbuf[MAX_STRING_LEN]; apr_strerror(rv, msgbuf, sizeof(msgbuf)); return apr_pstrcat(cmd->pool, "RemoteIP: Error parsing IP ", arg, " (", msgbuf, " error) for ", cmd->cmd->name, NULL); @@ -200,11 +206,12 @@ static const char *proxylist_read(cmd_parms *cmd, void *cfg, while (!(ap_cfg_getline(lbuf, MAX_STRING_LEN, cfp))) { args = lbuf; while (*(arg = ap_getword_conf(cmd->temp_pool, &args)) != '\0') { - if (*arg == '#' || *arg == '\0') { + if (*arg == '#') { break; } errmsg = proxies_set(cmd, cfg, arg); if (errmsg) { + ap_cfg_closefile(cfp); errmsg = apr_psprintf(cmd->pool, "%s at line %d of %s", errmsg, cfp->line_number, filename); return errmsg; @@ -216,12 +223,20 @@ static const char *proxylist_read(cmd_parms *cmd, void *cfg, return NULL; } +static apr_status_t remoteip_cleanup(void *data) { + remoteip_cleanup_rec_t *cleanup_rec = (remoteip_cleanup_rec_t *)data; + cleanup_rec->conn->remote_addr = cleanup_rec->remote_addr; + cleanup_rec->conn->remote_ip = cleanup_rec->remote_ip; + return APR_SUCCESS; +} + static int remoteip_modify_request(request_rec *r) { conn_rec *c = r->connection; remoteip_config_t *config = (remoteip_config_t *) ap_get_module_config(r->server->module_config, &remoteip_module); remoteip_req_t *req = NULL; + remoteip_cleanup_rec_t *cleanup_rec; apr_sockaddr_t *temp_sa; @@ -247,14 +262,14 @@ static int remoteip_modify_request(request_rec *r) while (remote) { - /* verify c->remote_addr is trusted if there is a trusted proxy list + /* verify user agent IP against the trusted proxy list */ if (config->proxymatch_ip) { int i; remoteip_proxymatch_t *match; match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts; for (i = 0; i < config->proxymatch_ip->nelts; ++i) { - if (apr_ipsubnet_test(match[i].ip, c->remote_addr)) { + if (apr_ipsubnet_test(match[i].ip, temp_sa)) { internal = match[i].internal; break; } @@ -291,7 +306,7 @@ static int remoteip_modify_request(request_rec *r) break; } - /* We map as IPv4 rather than IPv6 for equivilant host names + /* We map as IPv4 rather than IPv6 for equivalent host names * or IPV4OVERIPV6 */ rv = apr_sockaddr_info_get(&temp_sa, parse_remote, @@ -310,7 +325,6 @@ static int remoteip_modify_request(request_rec *r) remote = parse_remote; } break; - } addrbyte = (unsigned char *) &temp_sa->sa.sin.sin_addr; @@ -356,19 +370,19 @@ static int remoteip_modify_request(request_rec *r) req = (remoteip_req_t *) apr_palloc(r->pool, sizeof(remoteip_req_t)); } - /* Set remote_ip string */ + /* Set useragent_ip string */ if (!internal) { if (proxy_ips) { proxy_ips = apr_pstrcat(r->pool, proxy_ips, ", ", - c->remote_ip, NULL); + req->useragent_ip, NULL); } else { - proxy_ips = c->remote_ip; + proxy_ips = req->useragent_ip; } } - req->remote_addr = temp_sa; - apr_sockaddr_ip_get(&req->remote_ip, req->remote_addr); + req->useragent_addr = temp_sa; + apr_sockaddr_ip_get(&req->useragent_ip, req->useragent_addr); } /* Nothing happened? */ @@ -394,14 +408,21 @@ static int remoteip_modify_request(request_rec *r) } } - c->remote_addr = req->remote_addr; - c->remote_ip = req->remote_ip; + cleanup_rec = (remoteip_cleanup_rec_t *)apr_pcalloc(r->pool, sizeof(remoteip_cleanup_rec_t)); + cleanup_rec->conn = c; + cleanup_rec->remote_addr = c->remote_addr; + cleanup_rec->remote_ip = c->remote_ip; + apr_pool_cleanup_register(r->pool, cleanup_rec, remoteip_cleanup, apr_pool_cleanup_null); + + c->remote_addr = req->useragent_addr; + c->remote_ip = req->useragent_ip; ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, req->proxy_ips ? "Using %s as client's IP by proxies %s" - : "Using %s as client's IP by internal proxies", - req->remote_ip, req->proxy_ips); + : "Using %s as client's IP by internal proxies%s", + req->useragent_ip, + (req->proxy_ips ? req->proxy_ips : "")); return OK; } From 6314a641256607a20411be6ad3f4a15ed2abcdb1 Mon Sep 17 00:00:00 2001 From: Joey Date: Tue, 21 Jul 2015 02:10:29 +0100 Subject: [PATCH 2/4] Update README --- README | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README b/README index 90d52e2..6a47b6f 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ ## Apache HTTP Server 2.2.x mod_remoteip backport -This is a backport of apache 2.4.1 mod_remoteip to apache 2.2.x. +This is a backport of apache 2.4.16 mod_remoteip to apache 2.2.x. ## Compile and Install apxs -i -c -n mod_remoteip.so mod_remoteip.c @@ -14,4 +14,3 @@ See http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html ## Distribution Latest version available from https://github.com/ttkzw/mod_remoteip-http22 - From 424679499e51c4c66b3eaecef26ee52f50fa934e Mon Sep 17 00:00:00 2001 From: Joey Date: Tue, 21 Jul 2015 11:27:47 +0100 Subject: [PATCH 3/4] ASL Do something about that Apache license clause. --- mod_remoteip.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mod_remoteip.c b/mod_remoteip.c index 1b4df32..cdd908e 100644 --- a/mod_remoteip.c +++ b/mod_remoteip.c @@ -12,6 +12,9 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * + * NOTICE: + * This file has been modified and is a derivative work. */ #include "ap_config.h" From 08f0d85f21d592e687334e79d4663a0bf21a8e05 Mon Sep 17 00:00:00 2001 From: Joey Date: Tue, 21 Jul 2015 11:32:05 +0100 Subject: [PATCH 4/4] Fix broken link Typo was corrected in repo name but not readme. --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 6a47b6f..4cf2f94 100644 --- a/README +++ b/README @@ -13,4 +13,4 @@ See http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html * Backport by Takashi Takizawa ## Distribution -Latest version available from https://github.com/ttkzw/mod_remoteip-http22 +Latest version available from https://github.com/ttkzw/mod_remoteip-httpd22