/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ap_config.h"
#include "ap_mmn.h"
#include "httpd.h"
#include "http_config.h"
#include "http_connection.h"
#include "http_protocol.h"
#include "http_log.h"
#include "apr_strings.h"
#include "apr_lib.h"
#define APR_WANT_BYTEFUNC
#include "apr_want.h"
#include "apr_network_io.h"
module AP_MODULE_DECLARE_DATA remoteip_module;
typedef struct {
/** A proxy IP mask to match */
apr_ipsubnet_t *ip;
/** Flagged if internal, otherwise an external trusted proxy */
void *internal;
} remoteip_proxymatch_t;
typedef struct {
/** The header to retrieve a proxy-via ip list */
const char *header_name;
/** A header to record the proxied IP's
* (removed as the physical connection and
* from the proxy-via ip header value list)
*/
const char *proxies_header_name;
/** A list of trusted proxies, ideally configured
* with the most commonly encountered listed first
*/
apr_array_header_t *proxymatch_ip;
} remoteip_config_t;
typedef struct {
apr_sockaddr_t *remote_addr;
char *remote_ip;
/** The list of proxy ip's ignored as remote ip's */
const char *proxy_ips;
/** The remaining list of untrusted proxied remote ip's */
const char *proxied_remote;
} remoteip_req_t;
static void *create_remoteip_server_config(apr_pool_t *p, server_rec *s)
{
remoteip_config_t *config = apr_pcalloc(p, sizeof *config);
/* config->header_name = NULL;
* config->proxies_header_name = NULL;
*/
return config;
}
static void *merge_remoteip_server_config(apr_pool_t *p, void *globalv,
void *serverv)
{
remoteip_config_t *global = (remoteip_config_t *) globalv;
remoteip_config_t *server = (remoteip_config_t *) serverv;
remoteip_config_t *config;
config = (remoteip_config_t *) apr_palloc(p, sizeof(*config));
config->header_name = server->header_name
? server->header_name
: global->header_name;
config->proxies_header_name = server->proxies_header_name
? server->proxies_header_name
: global->proxies_header_name;
config->proxymatch_ip = server->proxymatch_ip
? server->proxymatch_ip
: global->proxymatch_ip;
return config;
}
static const char *header_name_set(cmd_parms *cmd, void *dummy,
const char *arg)
{
remoteip_config_t *config = ap_get_module_config(cmd->server->module_config,
&remoteip_module);
config->header_name = arg;
return NULL;
}
static const char *proxies_header_name_set(cmd_parms *cmd, void *dummy,
const char *arg)
{
remoteip_config_t *config = ap_get_module_config(cmd->server->module_config,
&remoteip_module);
config->proxies_header_name = arg;
return NULL;
}
/* Would be quite nice if APR exported this */
/* apr:network_io/unix/sockaddr.c */
static int looks_like_ip(const char *ipstr)
{
if (ap_strchr_c(ipstr, ':')) {
/* definitely not a hostname; assume it is intended to be an IPv6 address */
return 1;
}
/* simple IPv4 address string check */
while ((*ipstr == '.') || apr_isdigit(*ipstr))
ipstr++;
return (*ipstr == '\0');
}
static const char *proxies_set(cmd_parms *cmd, void *cfg,
const char *arg)
{
remoteip_config_t *config = ap_get_module_config(cmd->server->module_config,
&remoteip_module);
remoteip_proxymatch_t *match;
apr_status_t rv;
char *ip = apr_pstrdup(cmd->temp_pool, arg);
char *s = ap_strchr(ip, '/');
if (s) {
*s++ = '\0';
}
if (!config->proxymatch_ip) {
config->proxymatch_ip = apr_array_make(cmd->pool, 1, sizeof(*match));
}
match = (remoteip_proxymatch_t *) apr_array_push(config->proxymatch_ip);
match->internal = cmd->info;
if (looks_like_ip(ip)) {
/* Note s may be null, that's fine (explicit host) */
rv = apr_ipsubnet_create(&match->ip, ip, s, cmd->pool);
}
else
{
apr_sockaddr_t *temp_sa;
if (s) {
return apr_pstrcat(cmd->pool, "RemoteIP: Error parsing IP ", arg,
" the subnet /", s, " is invalid for ",
cmd->cmd->name, NULL);
}
rv = apr_sockaddr_info_get(&temp_sa, ip, APR_UNSPEC, 0,
APR_IPV4_ADDR_OK, cmd->temp_pool);
while (rv == APR_SUCCESS)
{
apr_sockaddr_ip_get(&ip, temp_sa);
rv = apr_ipsubnet_create(&match->ip, ip, NULL, cmd->pool);
if (!(temp_sa = temp_sa->next)) {
break;
}
match = (remoteip_proxymatch_t *)
apr_array_push(config->proxymatch_ip);
match->internal = cmd->info;
}
}
if (rv != APR_SUCCESS) {
char msgbuf[128];
apr_strerror(rv, msgbuf, sizeof(msgbuf));
return apr_pstrcat(cmd->pool, "RemoteIP: Error parsing IP ", arg,
" (", msgbuf, " error) for ", cmd->cmd->name, NULL);
}
return NULL;
}
static const char *proxylist_read(cmd_parms *cmd, void *cfg,
const char *filename)
{
char lbuf[MAX_STRING_LEN];
char *arg;
const char *args;
const char *errmsg;
ap_configfile_t *cfp;
apr_status_t rv;
filename = ap_server_root_relative(cmd->temp_pool, filename);
rv = ap_pcfg_openfile(&cfp, cmd->temp_pool, filename);
if (rv != APR_SUCCESS) {
return apr_psprintf(cmd->pool, "%s: Could not open file %s: %s",
cmd->cmd->name, filename,
apr_strerror(rv, lbuf, sizeof(lbuf)));
}
while (!(ap_cfg_getline(lbuf, MAX_STRING_LEN, cfp))) {
args = lbuf;
while (*(arg = ap_getword_conf(cmd->temp_pool, &args)) != '\0') {
if (*arg == '#' || *arg == '\0') {
break;
}
errmsg = proxies_set(cmd, cfg, arg);
if (errmsg) {
errmsg = apr_psprintf(cmd->pool, "%s at line %d of %s",
errmsg, cfp->line_number, filename);
return errmsg;
}
}
}
ap_cfg_closefile(cfp);
return NULL;
}
static int remoteip_modify_request(request_rec *r)
{
conn_rec *c = r->connection;
remoteip_config_t *config = (remoteip_config_t *)
ap_get_module_config(r->server->module_config, &remoteip_module);
remoteip_req_t *req = NULL;
apr_sockaddr_t *temp_sa;
apr_status_t rv;
char *remote;
char *proxy_ips = NULL;
char *parse_remote;
char *eos;
unsigned char *addrbyte;
void *internal = NULL;
if (!config->header_name) {
return DECLINED;
}
remote = (char *) apr_table_get(r->headers_in, config->header_name);
if (!remote) {
return OK;
}
remote
没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
收起资源包目录
Linux LNMP Web3软件开发套装 (168个子文件)
init.d.php-fpm5.2 3KB
mod_remoteip.c 15KB
ChangeLog 19KB
httpd24-lamp.conf 18KB
httpd24-lnmpa.conf 18KB
httpd22-lnmpa.conf 16KB
httpd22-lamp.conf 16KB
magento2-example.conf 13KB
pure-ftpd.conf 11KB
nextcloud-example.conf 9KB
owncloud-example.conf 8KB
php-fpm5.2.conf 5KB
ecshop.conf 3KB
nginx_a.conf 3KB
nginx.conf 3KB
httpd-default.conf 2KB
nginx-reverse-proxy-example.conf 2KB
enable-ssl-example.conf 2KB
enable-ssl-example-letsencrypt-with-301.conf 2KB
enable-ssl-example-with-301.conf 2KB
enable-lnmpa-ssl-vhost-example.conf 1KB
httpd-vhosts-lnmpa.conf 1KB
httpd-vhosts-lamp.conf 1KB
sablog.conf 979B
discuzx2.conf 910B
discuzx.conf 898B
httpd24-ssl.conf 891B
httpd22-ssl.conf 652B
enable-apache-ssl-vhost-example.conf 586B
proxy.conf 520B
lnmp.conf 501B
dedecms.conf 476B
discuz.conf 456B
proxy-pass-php.conf 349B
enable-php5.5.conf 210B
enable-php5.3.conf 210B
enable-php8.2.conf 210B
enable-php7.4.conf 210B
enable-php5.4.conf 210B
enable-php8.3.conf 210B
enable-php7.3.conf 210B
enable-php7.0.conf 210B
enable-php7.1.conf 210B
enable-php5.2.conf 210B
enable-php7.2.conf 210B
enable-php8.0.conf 210B
enable-php8.1.conf 210B
enable-php5.6.conf 210B
enable-php-pathinfo.conf 209B
enable-php.conf 207B
zblog.conf 198B
wp2.conf 157B
phpwind.conf 157B
pathinfo.conf 156B
wordpress.conf 151B
yii2.conf 126B
shopex.conf 120B
thinkphp.conf 114B
mod_remoteip.conf 114B
typecho2.conf 112B
dabr.conf 83B
typecho.conf 81B
drupal.conf 78B
codeigniter.conf 68B
laravel.conf 67B
joomla.conf 57B
none.conf 0B
other.conf 0B
init.d.fail2ban 2KB
lnmp.gif 6KB
index.html 3KB
init.d.httpd 4KB
lamp 37KB
License 209B
lnmp 55KB
lnmpa 40KB
init.d.memcached 2KB
init.d.nginx 3KB
php-7.0-intl.patch 23KB
php-5.6-intl.patch 23KB
nginx-gcc8.patch 7KB
php-5.2.17-max-input-vars.patch 4KB
php-7.3-icu70.patch 2KB
php-7.2-icu70.patch 2KB
php-5.3-multipart-form-data.patch 2KB
php-5.2-multipart-form-data.patch 2KB
php-5.2.17-xml.patch 2KB
debian_patches_disable_SSLv2_for_openssl_1_0_0.patch 2KB
mysql-5.1-mysql-gcc7.patch 2KB
php-7.1-icu70.patch 2KB
mariadb_10.4_install_db.patch 1KB
mysql-5.5-fix-arm-client_plugin.patch 1KB
php-8.0-openssl3.0.patch 774B
php-7.3-openssl3.0.patch 770B
php-7.4-openssl3.0.patch 770B
php-7.2-openssl3.0.patch 770B
php-7.1-openssl3.0.patch 770B
php-5.5-5.6-asm-aarch64.patch 628B
libmemcached-1.0.18-gcc7.patch 590B
nginx-libxcrypt.patch 424B
共 168 条
- 1
- 2
资源评论
wangzhaohan2910
- 粉丝: 1
- 资源: 22
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功