| 1 |
20 |
ahitrov@rambler.ru |
/* ==================================================================== |
| 2 |
|
|
* The Apache Software License, Version 1.1 |
| 3 |
|
|
* |
| 4 |
|
|
* Copyright (c) 2000 The Apache Software Foundation. All rights |
| 5 |
|
|
* reserved. |
| 6 |
|
|
* |
| 7 |
|
|
* Redistribution and use in source and binary forms, with or without |
| 8 |
|
|
* modification, are permitted provided that the following conditions |
| 9 |
|
|
* are met: |
| 10 |
|
|
* |
| 11 |
|
|
* 1. Redistributions of source code must retain the above copyright |
| 12 |
|
|
* notice, this list of conditions and the following disclaimer. |
| 13 |
|
|
* |
| 14 |
|
|
* 2. Redistributions in binary form must reproduce the above copyright |
| 15 |
|
|
* notice, this list of conditions and the following disclaimer in |
| 16 |
|
|
* the documentation and/or other materials provided with the |
| 17 |
|
|
* distribution. |
| 18 |
|
|
* |
| 19 |
|
|
* 3. The end-user documentation included with the redistribution, |
| 20 |
|
|
* if any, must include the following acknowledgment: |
| 21 |
|
|
* "This product includes software developed by the |
| 22 |
|
|
* Apache Software Foundation (http://www.apache.org/)." |
| 23 |
|
|
* Alternately, this acknowledgment may appear in the software itself, |
| 24 |
|
|
* if and wherever such third-party acknowledgments normally appear. |
| 25 |
|
|
* |
| 26 |
|
|
* 4. The names "Apache" and "Apache Software Foundation" must |
| 27 |
|
|
* not be used to endorse or promote products derived from this |
| 28 |
|
|
* software without prior written permission. For written |
| 29 |
|
|
* permission, please contact apache@apache.org. |
| 30 |
|
|
* |
| 31 |
|
|
* 5. Products derived from this software may not be called "Apache", |
| 32 |
|
|
* nor may "Apache" appear in their name, without prior written |
| 33 |
|
|
* permission of the Apache Software Foundation. |
| 34 |
|
|
* |
| 35 |
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED |
| 36 |
|
|
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 37 |
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| 38 |
|
|
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR |
| 39 |
|
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 40 |
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 41 |
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
| 42 |
|
|
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| 43 |
|
|
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| 44 |
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
| 45 |
|
|
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 46 |
|
|
* SUCH DAMAGE. |
| 47 |
|
|
* ==================================================================== |
| 48 |
|
|
* |
| 49 |
|
|
* This software consists of voluntary contributions made by many |
| 50 |
|
|
* individuals on behalf of the Apache Software Foundation. For more |
| 51 |
|
|
* information on the Apache Software Foundation, please see |
| 52 |
|
|
* <http://www.apache.org/>. |
| 53 |
|
|
* |
| 54 |
|
|
* Portions of this software are based upon public domain software |
| 55 |
|
|
* originally written at the National Center for Supercomputing Applications, |
| 56 |
|
|
* University of Illinois, Urbana-Champaign. |
| 57 |
|
|
*/ |
| 58 |
|
|
|
| 59 |
|
|
/* proxy_add_forward module |
| 60 |
|
|
* |
| 61 |
|
|
* This module adds a 'X-Forwarded-For' header to outgoing |
| 62 |
|
|
* proxy requests like Squid does. |
| 63 |
|
|
* |
| 64 |
|
|
* You can then get the client ip back on the "proxied host" by |
| 65 |
|
|
* setting r->connection->remote_ip from this header. |
| 66 |
|
|
* |
| 67 |
|
|
* Ask Bjoern Hansen <ask@netcetera.dk>, October 1998 |
| 68 |
|
|
|
| 69 |
|
|
* Changes: |
| 70 |
|
|
* |
| 71 |
|
|
* April 12 2000: Changed the license to the ASF 1.1 license. |
| 72 |
|
|
* |
| 73 |
|
|
* April 12 2000: Made it so that we append our IP to an existing |
| 74 |
|
|
* "X-Forwarded-For" line instead of clobbering an |
| 75 |
|
|
* existing one. - <ahosey@systhug.com> |
| 76 |
|
|
* |
| 77 |
|
|
* June 8 1999: Added instructions on how to compile it into the |
| 78 |
|
|
* frontend apache |
| 79 |
|
|
* |
| 80 |
|
|
* April 12 1999: Changed the sample code so it doesn't confuse the |
| 81 |
|
|
* C compiler, ydkhr! Thanks to Mike Whitaker for |
| 82 |
|
|
* noticing. |
| 83 |
|
|
* |
| 84 |
|
|
* March 1 1999: Added sample code on how to use the header with |
| 85 |
|
|
* mod_perl |
| 86 |
|
|
* |
| 87 |
|
|
|
| 88 |
|
|
To use the module you have to compile it into the frontend part of |
| 89 |
|
|
your server, I usually copy the module to apache-1.3/src/modules/extra/ |
| 90 |
|
|
and use APACI like: |
| 91 |
|
|
|
| 92 |
|
|
./configure --prefix=/usr/local/apache \ |
| 93 |
|
|
--activate-module=src/modules/extra/mod_proxy_add_forward.c \ |
| 94 |
|
|
--enable-module=proxy_add_forward [... more apaci options ...] |
| 95 |
|
|
|
| 96 |
|
|
You should also be able to compile and use this module as a |
| 97 |
|
|
dynamically loaded module (DSO). |
| 98 |
|
|
|
| 99 |
|
|
TMTOWTDI, but I usually make the 'backend' part of the system |
| 100 |
|
|
something like the following: |
| 101 |
|
|
|
| 102 |
|
|
in startup.pl: |
| 103 |
|
|
|
| 104 |
|
|
sub My::ProxyRemoteAddr ($) { |
| 105 |
|
|
my $r = shift; |
| 106 |
|
|
|
| 107 |
|
|
# we'll only look at the X-Forwarded-For header if the requests |
| 108 |
|
|
# comes from our proxy at localhost |
| 109 |
|
|
return OK unless ($r->connection->remote_ip eq "127.0.0.1"); |
| 110 |
|
|
|
| 111 |
|
|
if (my ($ip) = $r->header_in('X-Forwarded-For') =~ /([^,\s]+)$/) { |
| 112 |
|
|
$r->connection->remote_ip($ip); |
| 113 |
|
|
} |
| 114 |
|
|
|
| 115 |
|
|
return OK; |
| 116 |
|
|
} |
| 117 |
|
|
|
| 118 |
|
|
And in httpd.conf: |
| 119 |
|
|
|
| 120 |
|
|
PerlPostReadRequestHandler My::ProxyRemoteAddr |
| 121 |
|
|
|
| 122 |
|
|
*/ |
| 123 |
|
|
|
| 124 |
|
|
|
| 125 |
|
|
#include "httpd.h" |
| 126 |
|
|
#include "http_config.h" |
| 127 |
|
|
#include "http_core.h" |
| 128 |
|
|
|
| 129 |
|
|
module MODULE_VAR_EXPORT proxy_add_forward_module; |
| 130 |
|
|
|
| 131 |
|
|
static int add_forward_header(request_rec *r) |
| 132 |
|
|
{ |
| 133 |
|
|
const char *oldvalue; |
| 134 |
|
|
|
| 135 |
|
|
if (r->proxyreq) { |
| 136 |
|
|
/* If there is an existing header, append our IP to that. */ |
| 137 |
|
|
if (oldvalue = ap_table_get(r->headers_in, "X-Forwarded-For")) { |
| 138 |
|
|
ap_table_set(r->headers_in, "X-Forwarded-For", |
| 139 |
|
|
ap_pstrcat(r->pool, oldvalue, ", ", |
| 140 |
|
|
r->connection->remote_ip, NULL)); |
| 141 |
|
|
} |
| 142 |
|
|
else { |
| 143 |
|
|
ap_table_set(r->headers_in, "X-Forwarded-For", |
| 144 |
|
|
r->connection->remote_ip); |
| 145 |
|
|
} |
| 146 |
|
|
return OK; |
| 147 |
|
|
} |
| 148 |
|
|
return DECLINED; |
| 149 |
|
|
} |
| 150 |
|
|
|
| 151 |
|
|
module MODULE_VAR_EXPORT proxy_add_forward_module = { |
| 152 |
|
|
STANDARD_MODULE_STUFF, |
| 153 |
|
|
NULL, /* initializer */ |
| 154 |
|
|
NULL, /* dir config creater */ |
| 155 |
|
|
NULL, /* dir merger --- default is to override */ |
| 156 |
|
|
NULL, /* server config */ |
| 157 |
|
|
NULL, /* merge server configs */ |
| 158 |
|
|
NULL, /* command table */ |
| 159 |
|
|
NULL, /* handlers */ |
| 160 |
|
|
NULL, /* filename translation */ |
| 161 |
|
|
NULL, /* check_user_id */ |
| 162 |
|
|
NULL, /* check auth */ |
| 163 |
|
|
NULL, /* check access */ |
| 164 |
|
|
NULL, /* type_checker */ |
| 165 |
|
|
add_forward_header, /* fixups */ |
| 166 |
|
|
NULL, /* logger */ |
| 167 |
|
|
NULL, /* header parser */ |
| 168 |
|
|
NULL, /* child_init */ |
| 169 |
|
|
NULL, /* child_exit */ |
| 170 |
|
|
NULL /* post read-request */ |
| 171 |
|
|
}; |
| 172 |
|
|
|
| 173 |
|
|
|
