Introduce a per connection "peer_ip" and a per request "client_ip" to
distinguish between the raw IP address of the connection and the effective IP address of the request. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1206291 13f79535-47bb-0310-9956-ffa450edef68
@@ -1007,8 +1007,8 @@ struct request_rec {
|
|||||||
/** remote address information from conn_rec, can be overridden if
|
/** remote address information from conn_rec, can be overridden if
|
||||||
* necessary by a module.
|
* necessary by a module.
|
||||||
*/
|
*/
|
||||||
apr_sockaddr_t *remote_addr;
|
apr_sockaddr_t *client_addr;
|
||||||
char *remote_ip;
|
char *client_ip;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -1052,10 +1052,10 @@ struct conn_rec {
|
|||||||
/** local address */
|
/** local address */
|
||||||
apr_sockaddr_t *local_addr;
|
apr_sockaddr_t *local_addr;
|
||||||
/** remote address */
|
/** remote address */
|
||||||
apr_sockaddr_t *remote_addr;
|
apr_sockaddr_t *peer_addr;
|
||||||
|
|
||||||
/** Client's IP address */
|
/** Client's IP address */
|
||||||
char *remote_ip;
|
char *peer_ip;
|
||||||
/** Client's DNS name, if known. NULL if DNS hasn't been checked,
|
/** Client's DNS name, if known. NULL if DNS hasn't been checked,
|
||||||
* "" if it has and no address was found. N.B. Only access this though
|
* "" if it has and no address was found. N.B. Only access this though
|
||||||
* get_remote_host() */
|
* get_remote_host() */
|
||||||
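Review bot: The doc comments in the `conn_rec` hunk still read `/** remote address */` and `/** Client's IP address */` above the renamed `peer_addr` and `peer_ip`, which contradicts the distinction this commit introduces. I would reword them along the lines of `/** address of the directly connected peer (may be a proxy) */` and `/** IP address string of the connected peer; not necessarily the client */`, so that nobody reaches for `peer_ip` when attributing a request. The `request_rec` comment could likewise state that `client_addr`/`client_ip` may be replaced by a module and are then only as reliable as that module's source. Both structs continue outside the hunks.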
|
@@ -271,7 +271,7 @@ static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method)
|
|||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
case T_IP:
|
case T_IP:
|
||||||
if (apr_ipsubnet_test(ap[i].x.ip, r->remote_addr)) {
|
if (apr_ipsubnet_test(ap[i].x.ip, r->client_addr)) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
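Review bot: The `T_IP` test in `find_allowdeny` now matches against `r->client_addr`, a field the header comment says a module may override, and nothing at the call site records that the allow/deny result then depends on how that module established the address. The same applies to `ip_check_authorization` and `local_check_authorization` in the next file section and to `op_R` in the expression evaluator; for the local check it matters in particular whether an overriding module can ever yield a loopback `client_addr`. A short comment such as `/* client_addr may have been set by a module from request data; trust follows that module's configuration */` at these sites would make the assumption visible to reviewers. `find_allowdeny` starts and ends outside the hunk.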
|
@@ -153,7 +153,7 @@ static authz_status ip_check_authorization(request_rec *r,
|
|||||||
apr_ipsubnet_t **ip = (apr_ipsubnet_t **)parsed_require_line;
|
apr_ipsubnet_t **ip = (apr_ipsubnet_t **)parsed_require_line;
|
||||||
|
|
||||||
while (*ip) {
|
while (*ip) {
|
||||||
if (apr_ipsubnet_test(*ip, r->remote_addr))
|
if (apr_ipsubnet_test(*ip, r->client_addr))
|
||||||
return AUTHZ_GRANTED;
|
return AUTHZ_GRANTED;
|
||||||
ip++;
|
ip++;
|
||||||
}
|
}
|
||||||
@@ -201,10 +201,10 @@ static authz_status local_check_authorization(request_rec *r,
|
|||||||
const void *parsed_require_line)
|
const void *parsed_require_line)
|
||||||
{
|
{
|
||||||
if ( apr_sockaddr_equal(r->connection->local_addr,
|
if ( apr_sockaddr_equal(r->connection->local_addr,
|
||||||
r->remote_addr)
|
r->client_addr)
|
||||||
|| apr_ipsubnet_test(localhost_v4, r->remote_addr)
|
|| apr_ipsubnet_test(localhost_v4, r->client_addr)
|
||||||
#if APR_HAVE_IPV6
|
#if APR_HAVE_IPV6
|
||||||
|| apr_ipsubnet_test(localhost_v6, r->remote_addr)
|
|| apr_ipsubnet_test(localhost_v6, r->client_addr)
|
||||||
#endif
|
#endif
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
|
@@ -1001,7 +1001,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
|
|||||||
else if (strcEQ(var, "REQUEST_FILENAME"))
|
else if (strcEQ(var, "REQUEST_FILENAME"))
|
||||||
result = r->filename;
|
result = r->filename;
|
||||||
else if (strcEQ(var, "REMOTE_ADDR"))
|
else if (strcEQ(var, "REMOTE_ADDR"))
|
||||||
result = r->remote_ip;
|
result = r->client_ip;
|
||||||
else if (strcEQ(var, "REMOTE_HOST"))
|
else if (strcEQ(var, "REMOTE_HOST"))
|
||||||
result = ap_get_remote_host(r->connection, r->per_dir_config,
|
result = ap_get_remote_host(r->connection, r->per_dir_config,
|
||||||
REMOTE_NAME, NULL);
|
REMOTE_NAME, NULL);
|
||||||
|
@@ -154,7 +154,7 @@ static int process_echo_connection(conn_rec *c)
|
|||||||
if (!APR_STATUS_IS_EOF(rv) && ! APR_STATUS_IS_TIMEUP(rv))
|
if (!APR_STATUS_IS_EOF(rv) && ! APR_STATUS_IS_TIMEUP(rv))
|
||||||
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
|
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
|
||||||
"ProtocolEcho: Failure reading from %s",
|
"ProtocolEcho: Failure reading from %s",
|
||||||
c->remote_ip);
|
c->peer_ip);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -163,7 +163,7 @@ static int process_echo_connection(conn_rec *c)
|
|||||||
apr_brigade_cleanup(bb);
|
apr_brigade_cleanup(bb);
|
||||||
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
|
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
|
||||||
"ProtocolEcho: Error - read empty brigade from %s!",
|
"ProtocolEcho: Error - read empty brigade from %s!",
|
||||||
c->remote_ip);
|
c->peer_ip);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -181,7 +181,7 @@ static int process_echo_connection(conn_rec *c)
|
|||||||
if (rv != APR_SUCCESS) {
|
if (rv != APR_SUCCESS) {
|
||||||
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
|
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
|
||||||
"ProtocolEcho: Failure writing to %s",
|
"ProtocolEcho: Failure writing to %s",
|
||||||
c->remote_ip);
|
c->peer_ip);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
apr_brigade_cleanup(bb);
|
apr_brigade_cleanup(bb);
|
||||||
|
@@ -67,11 +67,11 @@ static int noloris_conn(conn_rec *conn)
|
|||||||
/* check the IP is not banned */
|
/* check the IP is not banned */
|
||||||
shm_rec = apr_shm_baseaddr_get(shm);
|
shm_rec = apr_shm_baseaddr_get(shm);
|
||||||
while (shm_rec[0] != '\0') {
|
while (shm_rec[0] != '\0') {
|
||||||
if (!strcmp(shm_rec, conn->remote_ip)) {
|
if (!strcmp(shm_rec, conn->peer_ip)) {
|
||||||
apr_socket_t *csd = ap_get_conn_socket(conn);
|
apr_socket_t *csd = ap_get_conn_socket(conn);
|
||||||
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
|
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
|
||||||
"Dropping connection from banned IP %s",
|
"Dropping connection from banned IP %s",
|
||||||
conn->remote_ip);
|
conn->peer_ip);
|
||||||
apr_socket_close(csd);
|
apr_socket_close(csd);
|
||||||
|
|
||||||
return DONE;
|
return DONE;
|
||||||
|
@@ -406,7 +406,7 @@ static void child_errfn(apr_pool_t *pool, apr_status_t err, const char *descript
|
|||||||
apr_file_printf(stderr_log,
|
apr_file_printf(stderr_log,
|
||||||
"[%s] [client %s] mod_ext_filter (%d)%s: %s\n",
|
"[%s] [client %s] mod_ext_filter (%d)%s: %s\n",
|
||||||
time_str,
|
time_str,
|
||||||
r->remote_ip,
|
r->client_ip,
|
||||||
err,
|
err,
|
||||||
apr_strerror(err, errbuf, sizeof(errbuf)),
|
apr_strerror(err, errbuf, sizeof(errbuf)),
|
||||||
description);
|
description);
|
||||||
|
@@ -439,8 +439,8 @@ static request_rec *internal_internal_redirect(const char *new_uri,
|
|||||||
new->prev = r;
|
new->prev = r;
|
||||||
r->next = new;
|
r->next = new;
|
||||||
|
|
||||||
new->remote_addr = r->remote_addr;
|
new->client_addr = r->client_addr;
|
||||||
new->remote_ip = r->remote_ip;
|
new->client_ip = r->client_ip;
|
||||||
|
|
||||||
/* Must have prev and next pointers set before calling create_request
|
/* Must have prev and next pointers set before calling create_request
|
||||||
* hook.
|
* hook.
|
||||||
|
@@ -311,10 +311,10 @@ static const char *log_remote_host(request_rec *r, char *a)
|
|||||||
static const char *log_remote_address(request_rec *r, char *a)
|
static const char *log_remote_address(request_rec *r, char *a)
|
||||||
{
|
{
|
||||||
if (a && !strcmp(a, "c")) {
|
if (a && !strcmp(a, "c")) {
|
||||||
return r->connection->remote_ip;
|
return r->connection->peer_ip;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return r->remote_ip;
|
return r->client_ip;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -763,7 +763,7 @@ static const char *log_server_port(request_rec *r, char *a)
|
|||||||
port = r->server->port ? r->server->port : ap_default_port(r);
|
port = r->server->port ? r->server->port : ap_default_port(r);
|
||||||
}
|
}
|
||||||
else if (!strcasecmp(a, "remote")) {
|
else if (!strcasecmp(a, "remote")) {
|
||||||
port = r->remote_addr->port;
|
port = r->client_addr->port;
|
||||||
}
|
}
|
||||||
else if (!strcasecmp(a, "local")) {
|
else if (!strcasecmp(a, "local")) {
|
||||||
port = r->connection->local_addr->port;
|
port = r->connection->local_addr->port;
|
||||||
|
@@ -743,7 +743,7 @@ AP_LUA_DECLARE(void) ap_lua_push_connection(lua_State *L, conn_rec *c)
|
|||||||
ap_lua_push_apr_table(L, c->notes);
|
ap_lua_push_apr_table(L, c->notes);
|
||||||
lua_setfield(L, -2, "notes");
|
lua_setfield(L, -2, "notes");
|
||||||
|
|
||||||
lua_pushstring(L, c->remote_ip);
|
lua_pushstring(L, c->peer_ip);
|
||||||
lua_setfield(L, -2, "remote_ip");
|
lua_setfield(L, -2, "remote_ip");
|
||||||
|
|
||||||
lua_pop(L, 1);
|
lua_pop(L, 1);
|
||||||
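Review bot: In `ap_lua_push_connection` the table key stays `"remote_ip"` while the value pushed is now `c->peer_ip`, so scripts keep reading a field whose name suggests the client but which holds the connection peer. If the key is kept for compatibility, a comment above the `lua_pushstring` such as `/* "remote_ip" kept for script compatibility; value is the connection peer, not r->client_ip */` would warn against using it for per-client decisions behind a proxy. The function body continues outside the hunk.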
|
@@ -1860,7 +1860,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx)
|
|||||||
else if (!strcmp(var, "IPV6")) {
|
else if (!strcmp(var, "IPV6")) {
|
||||||
int flag = FALSE;
|
int flag = FALSE;
|
||||||
#if APR_HAVE_IPV6
|
#if APR_HAVE_IPV6
|
||||||
apr_sockaddr_t *addr = r->remote_addr;
|
apr_sockaddr_t *addr = r->client_addr;
|
||||||
flag = (addr->family == AF_INET6 &&
|
flag = (addr->family == AF_INET6 &&
|
||||||
!IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr));
|
!IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr));
|
||||||
rewritelog((r, 1, ctx->perdir, "IPV6='%s'", flag ? "on" : "off"));
|
rewritelog((r, 1, ctx->perdir, "IPV6='%s'", flag ? "on" : "off"));
|
||||||
@@ -1966,7 +1966,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx)
|
|||||||
|
|
||||||
case 'D':
|
case 'D':
|
||||||
if (*var == 'R' && !strcmp(var, "REMOTE_ADDR")) {
|
if (*var == 'R' && !strcmp(var, "REMOTE_ADDR")) {
|
||||||
result = r->remote_ip;
|
result = r->client_ip;
|
||||||
}
|
}
|
||||||
else if (!strcmp(var, "SERVER_ADDR")) {
|
else if (!strcmp(var, "SERVER_ADDR")) {
|
||||||
result = r->connection->local_ip;
|
result = r->connection->local_ip;
|
||||||
@@ -2005,7 +2005,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx)
|
|||||||
REMOTE_NAME, NULL);
|
REMOTE_NAME, NULL);
|
||||||
}
|
}
|
||||||
else if (!strcmp(var, "REMOTE_PORT")) {
|
else if (!strcmp(var, "REMOTE_PORT")) {
|
||||||
return apr_itoa(r->pool, r->remote_addr->port);
|
return apr_itoa(r->pool, r->client_addr->port);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@@ -101,14 +101,14 @@ static apr_status_t rfc1413_connect(apr_socket_t **newsock, conn_rec *conn,
|
|||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((rv = apr_sockaddr_info_get(&destsa, conn->remote_ip,
|
if ((rv = apr_sockaddr_info_get(&destsa, conn->peer_ip,
|
||||||
localsa->family, /* has to match */
|
localsa->family, /* has to match */
|
||||||
RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
|
RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
|
||||||
/* This should not fail since we have a numeric address string
|
/* This should not fail since we have a numeric address string
|
||||||
* as the host. */
|
* as the host. */
|
||||||
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
|
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
|
||||||
"rfc1413: apr_sockaddr_info_get(%s) failed",
|
"rfc1413: apr_sockaddr_info_get(%s) failed",
|
||||||
conn->remote_ip);
|
conn->peer_ip);
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -167,7 +167,7 @@ static apr_status_t rfc1413_query(apr_socket_t *sock, conn_rec *conn,
|
|||||||
apr_size_t buflen;
|
apr_size_t buflen;
|
||||||
|
|
||||||
sav_our_port = conn->local_addr->port;
|
sav_our_port = conn->local_addr->port;
|
||||||
sav_rmt_port = conn->remote_addr->port;
|
sav_rmt_port = conn->peer_addr->port;
|
||||||
|
|
||||||
/* send the data */
|
/* send the data */
|
||||||
buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,
|
buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,
|
||||||
|
@@ -51,8 +51,8 @@ typedef struct {
|
|||||||
} remoteip_config_t;
|
} remoteip_config_t;
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
apr_sockaddr_t *remote_addr;
|
apr_sockaddr_t *client_addr;
|
||||||
char *remote_ip;
|
char *client_ip;
|
||||||
/** The list of proxy ip's ignored as remote ip's */
|
/** The list of proxy ip's ignored as remote ip's */
|
||||||
const char *proxy_ips;
|
const char *proxy_ips;
|
||||||
/** The remaining list of untrusted proxied remote ip's */
|
/** The remaining list of untrusted proxied remote ip's */
|
||||||
@@ -243,18 +243,18 @@ static int remoteip_modify_request(request_rec *r)
|
|||||||
}
|
}
|
||||||
remote = apr_pstrdup(r->pool, remote);
|
remote = apr_pstrdup(r->pool, remote);
|
||||||
|
|
||||||
temp_sa = c->remote_addr;
|
temp_sa = c->peer_addr;
|
||||||
|
|
||||||
while (remote) {
|
while (remote) {
|
||||||
|
|
||||||
/* verify c->remote_addr is trusted if there is a trusted proxy list
|
/* verify c->peer_addr is trusted if there is a trusted proxy list
|
||||||
*/
|
*/
|
||||||
if (config->proxymatch_ip) {
|
if (config->proxymatch_ip) {
|
||||||
int i;
|
int i;
|
||||||
remoteip_proxymatch_t *match;
|
remoteip_proxymatch_t *match;
|
||||||
match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts;
|
match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts;
|
||||||
for (i = 0; i < config->proxymatch_ip->nelts; ++i) {
|
for (i = 0; i < config->proxymatch_ip->nelts; ++i) {
|
||||||
if (apr_ipsubnet_test(match[i].ip, c->remote_addr)) {
|
if (apr_ipsubnet_test(match[i].ip, c->peer_addr)) {
|
||||||
internal = match[i].internal;
|
internal = match[i].internal;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -356,19 +356,19 @@ static int remoteip_modify_request(request_rec *r)
|
|||||||
req = (remoteip_req_t *) apr_palloc(r->pool, sizeof(remoteip_req_t));
|
req = (remoteip_req_t *) apr_palloc(r->pool, sizeof(remoteip_req_t));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Set remote_ip string */
|
/* Set peer_ip string */
|
||||||
if (!internal) {
|
if (!internal) {
|
||||||
if (proxy_ips) {
|
if (proxy_ips) {
|
||||||
proxy_ips = apr_pstrcat(r->pool, proxy_ips, ", ",
|
proxy_ips = apr_pstrcat(r->pool, proxy_ips, ", ",
|
||||||
c->remote_ip, NULL);
|
c->peer_ip, NULL);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
proxy_ips = c->remote_ip;
|
proxy_ips = c->peer_ip;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
req->remote_addr = temp_sa;
|
req->client_addr = temp_sa;
|
||||||
apr_sockaddr_ip_get(&req->remote_ip, req->remote_addr);
|
apr_sockaddr_ip_get(&req->client_ip, req->client_addr);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Nothing happened? */
|
/* Nothing happened? */
|
||||||
@@ -394,14 +394,14 @@ static int remoteip_modify_request(request_rec *r)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
r->remote_addr = req->remote_addr;
|
r->client_addr = req->client_addr;
|
||||||
r->remote_ip = req->remote_ip;
|
r->client_ip = req->client_ip;
|
||||||
|
|
||||||
ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r,
|
ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r,
|
||||||
req->proxy_ips
|
req->proxy_ips
|
||||||
? "Using %s as client's IP by proxies %s"
|
? "Using %s as client's IP by proxies %s"
|
||||||
: "Using %s as client's IP by internal proxies",
|
: "Using %s as client's IP by internal proxies",
|
||||||
req->remote_ip, req->proxy_ips);
|
req->client_ip, req->proxy_ips);
|
||||||
return OK;
|
return OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
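Review bot: Inside the `while (remote)` loop of `remoteip_modify_request` the trust test is `apr_ipsubnet_test(match[i].ip, c->peer_addr)` and `proxy_ips` is built from `c->peer_ip`, while the address the loop carries forward is `temp_sa` and the result is stored in `req->client_addr`. Unless code outside these hunks updates `c->peer_addr` on each pass, every address taken from `remote` is checked against the direct peer rather than against the hop accepted in the previous iteration, so one trusted peer would vouch for the whole chain. I would test the running address, `if (apr_ipsubnet_test(match[i].ip, temp_sa)) {`, and record that hop's IP string in `proxy_ips` instead of `c->peer_ip`. The comment `/* Set peer_ip string */` was also renamed mechanically; the code under it sets `proxy_ips` and `req->client_ip`, never `peer_ip`. The function starts before the first hunk and continues between the hunks shown.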
|
@@ -527,7 +527,7 @@ static int match_headers(request_rec *r)
|
|||||||
last_name = b->name;
|
last_name = b->name;
|
||||||
switch (b->special_type) {
|
switch (b->special_type) {
|
||||||
case SPECIAL_REMOTE_ADDR:
|
case SPECIAL_REMOTE_ADDR:
|
||||||
val = r->remote_ip;
|
val = r->client_ip;
|
||||||
break;
|
break;
|
||||||
case SPECIAL_SERVER_ADDR:
|
case SPECIAL_SERVER_ADDR:
|
||||||
val = r->connection->local_ip;
|
val = r->connection->local_ip;
|
||||||
|
@@ -247,7 +247,7 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
|
|||||||
ajp_msg_append_uint8(msg, (apr_byte_t) method) ||
|
ajp_msg_append_uint8(msg, (apr_byte_t) method) ||
|
||||||
ajp_msg_append_string(msg, r->protocol) ||
|
ajp_msg_append_string(msg, r->protocol) ||
|
||||||
ajp_msg_append_string(msg, uri->path) ||
|
ajp_msg_append_string(msg, uri->path) ||
|
||||||
ajp_msg_append_string(msg, r->remote_ip) ||
|
ajp_msg_append_string(msg, r->client_ip) ||
|
||||||
ajp_msg_append_string(msg, remote_host) ||
|
ajp_msg_append_string(msg, remote_host) ||
|
||||||
ajp_msg_append_string(msg, ap_get_server_name(r)) ||
|
ajp_msg_append_string(msg, ap_get_server_name(r)) ||
|
||||||
ajp_msg_append_uint16(msg, (apr_uint16_t)r->connection->local_addr->port) ||
|
ajp_msg_append_uint16(msg, (apr_uint16_t)r->connection->local_addr->port) ||
|
||||||
@@ -413,7 +413,7 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
|
|||||||
*/
|
*/
|
||||||
{
|
{
|
||||||
const char *key = SC_A_REQ_REMOTE_PORT;
|
const char *key = SC_A_REQ_REMOTE_PORT;
|
||||||
char *val = apr_itoa(r->pool, r->remote_addr->port);
|
char *val = apr_itoa(r->pool, r->client_addr->port);
|
||||||
if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
|
if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
|
||||||
ajp_msg_append_string(msg, key) ||
|
ajp_msg_append_string(msg, key) ||
|
||||||
ajp_msg_append_string(msg, val)) {
|
ajp_msg_append_string(msg, val)) {
|
||||||
|
@@ -532,7 +532,7 @@ static int stream_reqbody_cl(apr_pool_t *p,
|
|||||||
if (bytes_streamed != cl_val) {
|
if (bytes_streamed != cl_val) {
|
||||||
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
|
||||||
"client %s given Content-Length did not match"
|
"client %s given Content-Length did not match"
|
||||||
" number of body bytes read", r->connection->remote_ip);
|
" number of body bytes read", r->connection->peer_ip);
|
||||||
return HTTP_BAD_REQUEST;
|
return HTTP_BAD_REQUEST;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -858,7 +858,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
|
|||||||
* determine, where the original request came from.
|
* determine, where the original request came from.
|
||||||
*/
|
*/
|
||||||
apr_table_mergen(r->headers_in, "X-Forwarded-For",
|
apr_table_mergen(r->headers_in, "X-Forwarded-For",
|
||||||
r->remote_ip);
|
r->client_ip);
|
||||||
|
|
||||||
/* Add X-Forwarded-Host: so that upstream knows what the
|
/* Add X-Forwarded-Host: so that upstream knows what the
|
||||||
* original request hostname was.
|
* original request hostname was.
|
||||||
@@ -1002,7 +1002,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
|
|||||||
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
|
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
|
||||||
"client %s (%s) requested Transfer-Encoding "
|
"client %s (%s) requested Transfer-Encoding "
|
||||||
"chunked body with Content-Length (C-L ignored)",
|
"chunked body with Content-Length (C-L ignored)",
|
||||||
c->remote_ip, c->remote_host ? c->remote_host: "");
|
c->peer_ip, c->remote_host ? c->remote_host: "");
|
||||||
apr_table_unset(r->headers_in, "Content-Length");
|
apr_table_unset(r->headers_in, "Content-Length");
|
||||||
old_cl_val = NULL;
|
old_cl_val = NULL;
|
||||||
origin->keepalive = AP_CONN_CLOSE;
|
origin->keepalive = AP_CONN_CLOSE;
|
||||||
@@ -1027,7 +1027,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
|
|||||||
"prefetch request body failed to %pI (%s)"
|
"prefetch request body failed to %pI (%s)"
|
||||||
" from %s (%s)",
|
" from %s (%s)",
|
||||||
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
|
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
|
||||||
c->remote_ip, c->remote_host ? c->remote_host: "");
|
c->peer_ip, c->remote_host ? c->remote_host: "");
|
||||||
return HTTP_BAD_REQUEST;
|
return HTTP_BAD_REQUEST;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1049,7 +1049,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
|
|||||||
"processing prefetched request body failed"
|
"processing prefetched request body failed"
|
||||||
" to %pI (%s) from %s (%s)",
|
" to %pI (%s) from %s (%s)",
|
||||||
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
|
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
|
||||||
c->remote_ip, c->remote_host ? c->remote_host: "");
|
c->peer_ip, c->remote_host ? c->remote_host: "");
|
||||||
return HTTP_INTERNAL_SERVER_ERROR;
|
return HTTP_INTERNAL_SERVER_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1188,7 +1188,7 @@ skip_body:
|
|||||||
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
|
||||||
"pass request body failed to %pI (%s) from %s (%s)",
|
"pass request body failed to %pI (%s) from %s (%s)",
|
||||||
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
|
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
|
||||||
c->remote_ip, c->remote_host ? c->remote_host: "");
|
c->peer_ip, c->remote_host ? c->remote_host: "");
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
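Review bot: In `stream_reqbody_cl` the message `"client %s given Content-Length did not match"` is logged through `ap_log_rerror` with `r->connection->peer_ip`, while the error-log prefix for a request is built from `r->client_ip` in `server/log.c`, so a single line can carry two different addresses that are both labelled as the client. For incident triage I would print the request-level address here, `" number of body bytes read", r->client_ip);`, or relabel the value as the peer. The `ap_proxy_http_request` messages pair `c->peer_ip` with `c->remote_host`, which is at least internally consistent, but their `from %s` wording would benefit from the same explicit labelling. The enclosing functions extend beyond the hunks.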
|
@@ -917,7 +917,7 @@ int ssl_hook_Access(request_rec *r)
|
|||||||
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
|
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
|
||||||
"Access to %s denied for %s "
|
"Access to %s denied for %s "
|
||||||
"(requirement expression not fulfilled)",
|
"(requirement expression not fulfilled)",
|
||||||
r->filename, r->remote_ip);
|
r->filename, r->client_ip);
|
||||||
|
|
||||||
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
|
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
|
||||||
"Failed expression: %s", req->cpExpr);
|
"Failed expression: %s", req->cpExpr);
|
||||||
|
@@ -188,7 +188,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
|
|||||||
else if (strcEQ(var, "REQUEST_FILENAME"))
|
else if (strcEQ(var, "REQUEST_FILENAME"))
|
||||||
result = r->filename;
|
result = r->filename;
|
||||||
else if (strcEQ(var, "REMOTE_ADDR"))
|
else if (strcEQ(var, "REMOTE_ADDR"))
|
||||||
result = r->remote_ip;
|
result = r->client_ip;
|
||||||
else if (strcEQ(var, "REMOTE_HOST"))
|
else if (strcEQ(var, "REMOTE_HOST"))
|
||||||
result = ap_get_remote_host(r->connection, r->per_dir_config,
|
result = ap_get_remote_host(r->connection, r->per_dir_config,
|
||||||
REMOTE_NAME, NULL);
|
REMOTE_NAME, NULL);
|
||||||
|
@@ -829,7 +829,7 @@ static APR_INLINE void do_double_reverse (conn_rec *conn)
|
|||||||
rv = apr_sockaddr_info_get(&sa, conn->remote_host, APR_UNSPEC, 0, 0, conn->pool);
|
rv = apr_sockaddr_info_get(&sa, conn->remote_host, APR_UNSPEC, 0, 0, conn->pool);
|
||||||
if (rv == APR_SUCCESS) {
|
if (rv == APR_SUCCESS) {
|
||||||
while (sa) {
|
while (sa) {
|
||||||
if (apr_sockaddr_equal(sa, conn->remote_addr)) {
|
if (apr_sockaddr_equal(sa, conn->peer_addr)) {
|
||||||
conn->double_reverse = 1;
|
conn->double_reverse = 1;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -871,7 +871,7 @@ AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
|
|||||||
&& (type == REMOTE_DOUBLE_REV
|
&& (type == REMOTE_DOUBLE_REV
|
||||||
|| hostname_lookups != HOSTNAME_LOOKUP_OFF)) {
|
|| hostname_lookups != HOSTNAME_LOOKUP_OFF)) {
|
||||||
|
|
||||||
if (apr_getnameinfo(&conn->remote_host, conn->remote_addr, 0)
|
if (apr_getnameinfo(&conn->remote_host, conn->peer_addr, 0)
|
||||||
== APR_SUCCESS) {
|
== APR_SUCCESS) {
|
||||||
ap_str_tolower(conn->remote_host);
|
ap_str_tolower(conn->remote_host);
|
||||||
|
|
||||||
@@ -910,7 +910,7 @@ AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
*str_is_ip = 1;
|
*str_is_ip = 1;
|
||||||
return conn->remote_ip;
|
return conn->peer_ip;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -4497,7 +4497,7 @@ static conn_rec *core_create_conn(apr_pool_t *ptrans, server_rec *server,
|
|||||||
}
|
}
|
||||||
|
|
||||||
apr_sockaddr_ip_get(&c->local_ip, c->local_addr);
|
apr_sockaddr_ip_get(&c->local_ip, c->local_addr);
|
||||||
if ((rv = apr_socket_addr_get(&c->remote_addr, APR_REMOTE, csd))
|
if ((rv = apr_socket_addr_get(&c->peer_addr, APR_REMOTE, csd))
|
||||||
!= APR_SUCCESS) {
|
!= APR_SUCCESS) {
|
||||||
ap_log_error(APLOG_MARK, APLOG_INFO, rv, server,
|
ap_log_error(APLOG_MARK, APLOG_INFO, rv, server,
|
||||||
"apr_socket_addr_get(APR_REMOTE)");
|
"apr_socket_addr_get(APR_REMOTE)");
|
||||||
@@ -4505,7 +4505,7 @@ static conn_rec *core_create_conn(apr_pool_t *ptrans, server_rec *server,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
apr_sockaddr_ip_get(&c->remote_ip, c->remote_addr);
|
apr_sockaddr_ip_get(&c->peer_ip, c->peer_addr);
|
||||||
c->base_server = server;
|
c->base_server = server;
|
||||||
|
|
||||||
c->id = id;
|
c->id = id;
|
||||||
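Review bot: `do_double_reverse` and `ap_get_remote_host` now resolve and return `conn->peer_addr`/`conn->peer_ip`, so the host name they produce is that of the connection peer, while the IP-based checks elsewhere in this commit use `r->client_addr`. Once a module has replaced the client address, `REMOTE_HOST` (filled from this function in `ap_add_common_vars`) and any host-name based decision describe the proxy, whereas `REMOTE_ADDR` describes the client. Because the function only receives a `conn_rec`, the minimum is a doc comment on it such as `/* resolves the connection peer, not the request's client_addr */`; closing the gap would need a request-aware variant. Both functions extend beyond the hunks.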
|
14
server/log.c
14
server/log.c
@@ -562,11 +562,11 @@ static int log_remote_address(const ap_errorlog_info *info, const char *arg,
|
|||||||
char *buf, int buflen)
|
char *buf, int buflen)
|
||||||
{
|
{
|
||||||
if (info->r && !(arg && *arg == 'c'))
|
if (info->r && !(arg && *arg == 'c'))
|
||||||
return apr_snprintf(buf, buflen, "%s:%d", info->r->remote_ip,
|
return apr_snprintf(buf, buflen, "%s:%d", info->r->client_ip,
|
||||||
info->r->remote_addr->port);
|
info->r->client_addr->port);
|
||||||
else if (info->c)
|
else if (info->c)
|
||||||
return apr_snprintf(buf, buflen, "%s:%d", info->c->remote_ip,
|
return apr_snprintf(buf, buflen, "%s:%d", info->c->peer_ip,
|
||||||
info->c->remote_addr->port);
|
info->c->peer_addr->port);
|
||||||
else
|
else
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -962,18 +962,18 @@ static int do_errorlog_default(const ap_errorlog_info *info, char *buf,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* remote_ip can be client or backend server. If we have a scoreboard
|
* client_ip/peer_ip can be client or backend server. If we have a scoreboard
|
||||||
* handle, it is likely a client.
|
* handle, it is likely a client.
|
||||||
*/
|
*/
|
||||||
if (info->r) {
|
if (info->r) {
|
||||||
len += apr_snprintf(buf + len, buflen - len,
|
len += apr_snprintf(buf + len, buflen - len,
|
||||||
info->r->connection->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
|
info->r->connection->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
|
||||||
info->r->remote_ip, info->r->remote_addr->port);
|
info->r->client_ip, info->r->client_addr->port);
|
||||||
}
|
}
|
||||||
else if (info->c) {
|
else if (info->c) {
|
||||||
len += apr_snprintf(buf + len, buflen - len,
|
len += apr_snprintf(buf + len, buflen - len,
|
||||||
info->c->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
|
info->c->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
|
||||||
info->c->remote_ip, info->c->remote_addr->port);
|
info->c->peer_ip, info->c->peer_addr->port);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* the actual error message */
|
/* the actual error message */
|
||||||
|
@@ -979,8 +979,8 @@ request_rec *ap_read_request(conn_rec *conn)
|
|||||||
*/
|
*/
|
||||||
r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
|
r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
|
||||||
|
|
||||||
r->remote_addr = conn->remote_addr;
|
r->client_addr = conn->peer_addr;
|
||||||
r->remote_ip = conn->remote_ip;
|
r->client_ip = conn->peer_ip;
|
||||||
|
|
||||||
tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
|
tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
|
||||||
|
|
||||||
|
@@ -1832,8 +1832,8 @@ static request_rec *make_sub_request(const request_rec *r,
|
|||||||
rnew->output_filters = r->proto_output_filters;
|
rnew->output_filters = r->proto_output_filters;
|
||||||
}
|
}
|
||||||
|
|
||||||
rnew->remote_addr = r->remote_addr;
|
rnew->client_addr = r->client_addr;
|
||||||
rnew->remote_ip = r->remote_ip;
|
rnew->client_ip = r->client_ip;
|
||||||
|
|
||||||
/* no input filters for a subrequest */
|
/* no input filters for a subrequest */
|
||||||
|
|
||||||
|
@@ -1206,7 +1206,7 @@ static const char *conn_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
|
|||||||
case 1:
|
case 1:
|
||||||
#if APR_HAVE_IPV6
|
#if APR_HAVE_IPV6
|
||||||
{
|
{
|
||||||
apr_sockaddr_t *addr = c->remote_addr;
|
apr_sockaddr_t *addr = c->peer_addr;
|
||||||
if (addr->family == AF_INET6
|
if (addr->family == AF_INET6
|
||||||
&& !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr))
|
&& !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr))
|
||||||
return "on";
|
return "on";
|
||||||
@@ -1219,7 +1219,7 @@ static const char *conn_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
|
|||||||
case 2:
|
case 2:
|
||||||
return c->log_id;
|
return c->log_id;
|
||||||
case 3:
|
case 3:
|
||||||
return c->remote_ip;
|
return c->peer_ip;
|
||||||
default:
|
default:
|
||||||
ap_assert(0);
|
ap_assert(0);
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -1342,7 +1342,7 @@ static const char *request_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
|
|||||||
case 27:
|
case 27:
|
||||||
return r->status ? apr_psprintf(ctx->p, "%d", r->status) : "";
|
return r->status ? apr_psprintf(ctx->p, "%d", r->status) : "";
|
||||||
case 28:
|
case 28:
|
||||||
return r->remote_ip;
|
return r->client_ip;
|
||||||
default:
|
default:
|
||||||
ap_assert(0);
|
ap_assert(0);
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -1491,7 +1491,7 @@ static int op_R(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg1)
|
|||||||
if (!ctx->r)
|
if (!ctx->r)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
return apr_ipsubnet_test(subnet, ctx->r->remote_addr);
|
return apr_ipsubnet_test(subnet, ctx->r->client_addr);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int op_T(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg)
|
static int op_T(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg)
|
||||||
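Review bot: `conn_var_fn` case 1, which appears to compute the IPv6 flag, reads `c->peer_addr`, whereas `lookup_variable` in the rewrite module computes its `IPV6` variable from `r->client_addr` in this same commit, so the two evaluators can disagree about one request. If the connection-level meaning is intended here, a comment such as `/* connection peer, deliberately not r->client_addr */` on the `addr` assignment would document it; otherwise the rewrite lookup should use the same source. Case 3 returning `c->peer_ip` next to case 28 returning `r->client_ip` in `request_var_fn` deserves the same one-line explanation. Both functions continue outside the hunks.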
|
@@ -235,7 +235,7 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
|
|||||||
apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
|
apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
|
||||||
add_unless_null(e, "REMOTE_HOST",
|
add_unless_null(e, "REMOTE_HOST",
|
||||||
ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, NULL));
|
ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, NULL));
|
||||||
apr_table_addn(e, "REMOTE_ADDR", c->remote_ip);
|
apr_table_addn(e, "REMOTE_ADDR", r->client_ip);
|
||||||
apr_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
|
apr_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
|
||||||
apr_table_setn(e, "REQUEST_SCHEME", ap_http_scheme(r));
|
apr_table_setn(e, "REQUEST_SCHEME", ap_http_scheme(r));
|
||||||
apr_table_addn(e, "CONTEXT_PREFIX", ap_context_prefix(r));
|
apr_table_addn(e, "CONTEXT_PREFIX", ap_context_prefix(r));
|
||||||
@@ -243,7 +243,7 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
|
|||||||
apr_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
|
apr_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
|
||||||
apr_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
|
apr_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
|
||||||
|
|
||||||
rport = c->remote_addr->port;
|
rport = c->peer_addr->port;
|
||||||
apr_table_addn(e, "REMOTE_PORT", apr_itoa(r->pool, rport));
|
apr_table_addn(e, "REMOTE_PORT", apr_itoa(r->pool, rport));
|
||||||
|
|
||||||
if (r->user) {
|
if (r->user) {
|
||||||
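Review bot: `ap_add_common_vars` now takes `REMOTE_ADDR` from `r->client_ip` but still takes `rport` from `c->peer_addr->port`, so a script can receive the client's address paired with the port of the proxy's connection. The logging and rewrite code in this commit read the port from `r->client_addr->port`; I would do the same here, `rport = r->client_addr->port;`, so that the address and port exported to scripts describe the same endpoint. The function begins and ends outside the two hunks.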
|