mod_rpaf-0.5/000075500000000000000000000000001062204565600131515ustar00rootroot00000000000000mod_rpaf-0.5/CHANGES000064400000000000000000000004341062204565600141450ustar00rootroot00000000000000Keep Alive Problem reported and patched by Christian Schneider Also reported by Hiroyuki OYAMA and Vladimir Klebanov mod_rpaf was incorrectly using r->pool to allocate memory for the ip. The correct pool for this when you are dealing wth keep-alive requests was r->connection->pool. mod_rpaf-0.5/Makefile000064400000000000000000000021131062204565600146060ustar00rootroot00000000000000# Makefile for mod_rpaf.c (gmake) # $Id: Makefile,v 1.4 2002/06/18 15:05:07 thomas Exp $ #APXS=$(shell which apxs) APXS=/home/thomas/build/apache-dev/bin/apxs #APXS=/pat/to/your/apxs default: @echo mod_rpaf: @echo nevest version available at http://stderr.net/apache/rpaf/ @echo @echo following options available: @echo \"make rpaf\" to compile the 1.3 version @echo \"make install\" to install the 1.3 version @echo \"make rpaf-2.0\" to compile the 2.0 version @echo \"make install-2.0\" to install the 2.0 version @echo @echo change path to apxs if this is not it: \"$(APXS)\" rpaf: mod_rpaf.so @echo make done, type \"make install\" to install mod_rpaf rpaf-2.0: mod_rpaf-2.0.o @echo make done, type \"make install-2.0\" to install mod_rpaf-2.0 mod_rpaf.so: mod_rpaf.c $(APXS) -c -o $@ mod_rpaf.c mod_rpaf.c: mod_rpaf-2.0.o: mod_rpaf-2.0.c $(APXS) -c -n $@ mod_rpaf-2.0.c mod_rpaf-2.0.c: install: mod_rpaf.so $(APXS) -i -n mod_rpaf mod_rpaf.so install-2.0: mod_rpaf-2.0.o $(APXS) -i -n mod_rpaf-2.0.so mod_rpaf-2.0.la clean: rm -rf *~ *.o *.so *.lo *.la *.slo .libs/ mod_rpaf-0.5/README000064400000000000000000000013431062204565600140320ustar00rootroot00000000000000mod_rpaf - reverse proxy add forward This module does the opposite of mod_proxy_add_forward written by Ask Bjørn Hansen. http://develooper.com/code/mpaf/ Compile and Install for 1.3: apxs -i -a -c mod_rpaf.c Compile and Install for 2.0: apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c or simply try: make Configuration Directives: RPAFenable On # Enable reverse proxy add forward RPAFproxy_ips 127.0.0.1 10.0.0.1 # which ips are forwarding requests to us RPAFsethostname On # let rpaf update vhost settings # allows to have the same hostnames as in the "real" # configuration for the forwarding Apache Author: Thomas Eibner License: Apache License Latest version available from: http://stderr.net/apache/rpaf/ mod_rpaf-0.5/mod_rpaf-2.0.c000064400000000000000000000173331062204565600154100ustar00rootroot00000000000000 /* ==================================================================== * Copyright (c) 1995 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * 4. The names "Apache Server" and "Apache Group" must not be used to * endorse or promote products derived from this software without * prior written permission. * * 5. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR * IT'S CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Group and was originally based * on public domain software written at the National Center for * Supercomputing Applications, University of Illinois, Urbana-Champaign. * For more information on the Apache Group and the Apache HTTP server * project, please see . * */ /* * $Id: mod_rpaf-2.0.c,v 1.1 2002/06/08 19:25:06 thomas Exp $ * * Author: Thomas Eibner, * URL: http://stderr.net/apache/rpaf/ * rpaf is short for reverse proxy add forward * * This module does the opposite of mod_proxy_add_forward written by * Ask Bjørn Hansen. http://develooper.com/code/mpaf/ or mod_proxy * in 1.3.25 and above and mod_proxy from Apache 2.0 * */ #include "httpd.h" #include "http_config.h" #include "http_core.h" #include "http_log.h" #include "http_protocol.h" #include "http_vhost.h" #include "apr_strings.h" module AP_MODULE_DECLARE_DATA rpaf_module; typedef struct { int enable; int sethostname; apr_array_header_t *proxy_ips; } rpaf_server_cfg; static void *rpaf_create_server_cfg(apr_pool_t *p, server_rec *s) { rpaf_server_cfg *cfg = (rpaf_server_cfg *)apr_pcalloc(p, sizeof(rpaf_server_cfg)); if (!cfg) return NULL; cfg->proxy_ips = apr_array_make(p, 0, sizeof(char *)); cfg->enable = 0; cfg->sethostname = 0; return (void *)cfg; } static const char *rpaf_set_proxy_ip(cmd_parms *cmd, void *dummy, char *proxy_ip) { server_rec *s = cmd->server; rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config, &rpaf_module); /* check for valid syntax of ip */ *(char **)apr_array_push(cfg->proxy_ips) = apr_pstrdup(cmd->pool, proxy_ip); return NULL; } static const char *rpaf_enable(cmd_parms *cmd, void *dummy, int flag) { server_rec *s = cmd->server; rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config, &rpaf_module); cfg->enable = flag; return NULL; } static const char *rpaf_sethostname(cmd_parms *cmd, void *dummy, int flag) { server_rec *s = cmd->server; rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config, &rpaf_module); cfg->sethostname = flag; return NULL; } static int is_in_array(const char *remote_ip, apr_array_header_t *proxy_ips) { int i; char **list = (char**)proxy_ips->elts; for (i = 0; i < proxy_ips->nelts; i++) { if (strcmp(remote_ip, list[i]) == 0) return 1; } return 0; } static int change_remote_ip(request_rec *r) { const char *fwdvalue; char *val; rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(r->server->module_config, &rpaf_module); if (!cfg->enable) return DECLINED; if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) == 1) { if (fwdvalue = apr_table_get(r->headers_in, "X-Forwarded-For")) { apr_array_header_t *arr = apr_array_make(r->pool, 0, sizeof(char*)); while (*fwdvalue && (val = ap_get_token(r->pool, &fwdvalue, 1))) { *(char **)apr_array_push(arr) = apr_pstrdup(r->pool, val); if (*fwdvalue != '\0') ++fwdvalue; } r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]); r->connection->remote_addr->sa.sin.sin_addr.s_addr = inet_addr(r->connection->remote_ip); if (cfg->sethostname) { const char *hostvalue; if (hostvalue = apr_table_get(r->headers_in, "X-Forwarded-Host")) { /* 2.0 proxy frontend or 1.3 => 1.3.25 proxy frontend */ apr_table_set(r->headers_in, "Host", apr_pstrdup(r->pool, hostvalue)); r->hostname = apr_pstrdup(r->pool, hostvalue); ap_update_vhost_from_headers(r); } else if (hostvalue = apr_table_get(r->headers_in, "X-Host")) { /* 1.3 proxy frontend with mod_proxy_add_forward */ apr_table_set(r->headers_in, "Host", apr_pstrdup(r->pool, hostvalue)); r->hostname = apr_pstrdup(r->pool, hostvalue); ap_update_vhost_from_headers(r); } } } } return DECLINED; } static const command_rec rpaf_cmds[] = { AP_INIT_FLAG( "RPAFenable", rpaf_enable, NULL, RSRC_CONF, "Enable mod_rpaf" ), AP_INIT_FLAG( "RPAFsethostname", rpaf_sethostname, NULL, RSRC_CONF, "Let mod_rpaf set the hostname from X-Host header and update vhosts" ), AP_INIT_ITERATE( "RPAFproxy_ips", rpaf_set_proxy_ip, NULL, RSRC_CONF, "IP(s) of Proxy server setting X-Forwarded-For header" ), { NULL } }; static void register_hooks(apr_pool_t *p) { ap_hook_post_read_request(change_remote_ip, NULL, NULL, APR_HOOK_MIDDLE); } module AP_MODULE_DECLARE_DATA rpaf_module = { STANDARD20_MODULE_STUFF, NULL, NULL, rpaf_create_server_cfg, NULL, rpaf_cmds, register_hooks, }; mod_rpaf-0.5/mod_rpaf.c000064400000000000000000000202061062204565600151040ustar00rootroot00000000000000 /* ==================================================================== * Copyright (c) 1995 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * 4. The names "Apache Server" and "Apache Group" must not be used to * endorse or promote products derived from this software without * prior written permission. * * 5. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR * IT'S CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Group and was originally based * on public domain software written at the National Center for * Supercomputing Applications, University of Illinois, Urbana-Champaign. * For more information on the Apache Group and the Apache HTTP server * project, please see . * */ /* * $Id: mod_rpaf.c,v 1.6 2002/06/08 19:24:29 thomas Exp $ * * Author: Thomas Eibner, * URL: http://stderr.net/apache/rpaf/ * rpaf is short for reverse proxy add forward * * This module does the opposite of mod_proxy_add_forward written by * Ask Bjørn Hansen. http://develooper.com/code/mpaf/ or mod_proxy * in 1.3.25 and above and mod_proxy from Apache 2.0 * */ #include "httpd.h" #include "http_config.h" #include "http_core.h" #include "http_log.h" #include "http_protocol.h" #include "http_vhost.h" module MODULE_VAR_EXPORT rpaf_module; typedef struct { int enable; int sethostname; array_header *proxy_ips; } rpaf_server_cfg; static void *rpaf_create_server_cfg(pool *p, server_rec *s) { rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_pcalloc(p, sizeof(rpaf_server_cfg)); if (!cfg) return NULL; cfg->proxy_ips = ap_make_array(p, 0, sizeof(char *)); cfg->enable = 0; cfg->sethostname = 0; return (void *)cfg; } static const char *rpaf_set_proxy_ip(cmd_parms *cmd, void *dummy, char *proxy_ip) { server_rec *s = cmd->server; rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config, &rpaf_module); /* check for valid syntax of ip */ *(char **)ap_push_array(cfg->proxy_ips) = ap_pstrdup(cmd->pool, proxy_ip); return NULL; } static const char *rpaf_enable(cmd_parms *cmd, void *dummy, int flag) { server_rec *s = cmd->server; rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config, &rpaf_module); cfg->enable = flag; return NULL; } static const char *rpaf_sethostname(cmd_parms *cmd, void *dummy, int flag) { server_rec *s = cmd->server; rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(s->module_config, &rpaf_module); cfg->sethostname = flag; return NULL; } static int is_in_array(const char *remote_ip, array_header *proxy_ips) { int i; char **list = (char**)proxy_ips->elts; for (i = 0; i < proxy_ips->nelts; i++) { if (strcmp(remote_ip, list[i]) == 0) return 1; } return 0; } static int change_remote_ip(request_rec *r) { const char *fwdvalue; char *val; rpaf_server_cfg *cfg = (rpaf_server_cfg *)ap_get_module_config(r->server->module_config, &rpaf_module); if (!cfg->enable) return DECLINED; if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) == 1) { if (fwdvalue = ap_table_get(r->headers_in, "X-Forwarded-For")) { array_header *arr = ap_make_array(r->pool, 0, sizeof(char*)); while (*fwdvalue && (val = ap_get_token(r->pool, &fwdvalue, 1))) { *(char **)ap_push_array(arr) = ap_pstrdup(r->pool, val); if (*fwdvalue != '\0') ++fwdvalue; } r->connection->remote_ip = ap_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]); r->connection->remote_addr.sin_addr.s_addr = inet_addr(r->connection->remote_ip); if (cfg->sethostname) { const char *hostvalue; if (hostvalue = ap_table_get(r->headers_in, "X-Forwarded-Host")) { /* 2.0 proxy frontend or 1.3 => 1.3.25 proxy frontend */ ap_table_set(r->headers_in, "Host", ap_pstrdup(r->pool, hostvalue)); r->hostname = ap_pstrdup(r->pool, hostvalue); ap_update_vhost_from_headers(r); } else if (hostvalue = ap_table_get(r->headers_in, "X-Host")) { /* 1.3 proxy frontend with mod_proxy_add_forward */ ap_table_set(r->headers_in, "Host", ap_pstrdup(r->pool, hostvalue)); r->hostname = ap_pstrdup(r->pool, hostvalue); ap_update_vhost_from_headers(r); } } } } return DECLINED; } static command_rec rpaf_cmds[] = { { "RPAFenable", rpaf_enable, NULL, RSRC_CONF, FLAG, "Enable mod_rpaf" }, { "RPAFsethostname", rpaf_sethostname, NULL, RSRC_CONF, FLAG, "Let mod_rpaf set the hostname from the X-Host header and update vhosts" }, { "RPAFproxy_ips", rpaf_set_proxy_ip, NULL, RSRC_CONF, ITERATE, "IP(s) of Proxy server setting X-Forwarded-For header" }, { NULL } }; module MODULE_VAR_EXPORT rpaf_module = { STANDARD_MODULE_STUFF, NULL, /* initializer */ NULL, /* dir config creator */ NULL, /* dir config merger */ rpaf_create_server_cfg, /* server config */ NULL, /* merge server config */ rpaf_cmds, /* command table */ NULL, /* handlers */ NULL, /* filename translation */ NULL, /* check_user_id */ NULL, /* check auth */ NULL, /* check access */ NULL, /* type_checker */ NULL, /* fixups */ NULL, /* logger */ NULL, /* header parser */ NULL, /* child_init */ NULL, /* child_exit */ change_remote_ip /* post read-request */ }; mod_rpaf-0.5/test.pl000064400000000000000000000011051062204565600144620ustar00rootroot00000000000000#!/usr/bin/perl -w use strict; use LWP::UserAgent; use HTTP::Request; use HTTP::Headers; my $ip = shift || '10.0.0.1'; my $ua = LWP::UserAgent->new; my $headers = HTTP::Headers->new(); $headers->header('X-Forwarded-For' => "192.168.0.1, " . $ip); $headers->header('X-Host' => 'localhost'); my $request = HTTP::Request->new('GET', 'http://localhost:8080/', $headers); my $response = $ua->request($request); if ($response->is_success) { print "Ok! Please check your server log for a supposed connection from $ip\n"; } else { print "Something went wrong\n"; } __END__