Hi, list,
attaching same patch with small correction to the one submitted
previously (was unnecessary double check for PROXYREQ_REVERSE).
Patch is for httpd-2.2.x branch.
On 2/28/07, Dziugas Baltrunas <[EMAIL PROTECTED]> wrote:
Hi list,
for those of us who are using Apache HTTPD as a "internet" proxy (a
combination of forward and reverse proxy modes) it's important that
requests going to the remote servers (which are not "known" backends
but anonymous boxes in this case) would look the same independently
whether the original request came in reverse or forward fashion.
Currently mod_proxy_http adds X-Forwarded-* headers unconditionally
when we have a reverse proxy request and never for forward proxy
requests.
Attached patch adds a new ProxyAddXHeaders directive with a possible
options of On|Off|ReverseOnly, later option leaving the default in
order not to break compatibility with current configurations. With
this option it is possible to always add X-Forwarded-For,
X-Forwarded-Host and X-Forwarded-Server headers for both reverse and
forward proxy modes, for reverse proxy only or not to add them at all.
Comments and suggestions are welcome.
--
Dziugas Baltrunas
--
Dziugas Baltrunas
Index: docs/manual/mod/mod_proxy.html.en
===================================================================
--- docs/manual/mod/mod_proxy.html.en (revision 512643)
+++ docs/manual/mod/mod_proxy.html.en (working copy)
@@ -83,6 +83,7 @@
<li><img alt="" src="../images/down.gif" /> <a
href="#proxyrequests">ProxyRequests</a></li>
<li><img alt="" src="../images/down.gif" /> <a
href="#proxytimeout">ProxyTimeout</a></li>
<li><img alt="" src="../images/down.gif" /> <a
href="#proxyvia">ProxyVia</a></li>
+<li><img alt="" src="../images/down.gif" /> <a
href="#proxyaddxheaders">ProxyAddXHeaders</a></li>
</ul>
<h3>Topics</h3>
<ul id="topics">
@@ -1168,11 +1169,33 @@
</ul>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="ProxyAddXHeaders"
id="ProxyAddXHeaders">ProxyAddXHeaders</a> <a name="proxyaddxheaders"
id="proxaddxheaders">Directive</a></h2>
+<table class="directive">
+<tr><th><a
href="directive-dict.html#Description">Description:</a></th><td>Information
provided in <code>X-Forwarded-For</code>,
+<code>X-Forwarded-Host</code> and <code>X-Forwarded-Server</code>
headers.</td></tr>
+<tr><th><a
href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyAddXHeaders
On|Off|ReverseOnly</code></td></tr>
+<tr><th><a
href="directive-dict.html#Default">Default:</a></th><td><code>ProxyAddXHeaders
ReverseOnly</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host</td></tr>
+<tr><th><a
href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a
href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>This directive controls the use of the <code>X-Forwarded-For</code>,
<code>X-Forwarded-Host</code> and <code>X-Forwarded-Server</code> headers.</p>
+ <ul>
+ <li>If set to <code>ReverseOnly</code>, which is the default,
<code>X-Forwarded-*</code> headers are only added when
+ we have a reverse proxy request.</li>
+
+ <li>If set to <code>On</code>, <code>X-Forwarded-*</code> headers are
added both for reverse and forward proxy requests.</li>
+
+ <li>If set to <code>Off</code>, no <code>X-Forwarded-*</code> headers are
added for either reverse or forward proxy requests.</li>
+
+ </ul>
</div>
+</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html"
title="English"> en </a> |
<a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate"
title="Japanese"> ja </a></p>
</div><div id="footer">
<p class="apache">Copyright 2006 The Apache Software Foundation.<br />Licensed
under the <a href="http://www.apache.org/licenses/LICENSE-2.0";>Apache License,
Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a
href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a
href="../glossary.html">Glossary</a> | <a
href="../sitemap.html">Sitemap</a></p></div>
-</body></html>
\ No newline at end of file
+</body></html>
Index: modules/proxy/mod_proxy_http.c
===================================================================
--- modules/proxy/mod_proxy_http.c (revision 512643)
+++ modules/proxy/mod_proxy_http.c (working copy)
@@ -699,7 +699,7 @@
* ProxyVia option for details.
*/
- if (PROXYREQ_REVERSE == r->proxyreq) {
+ if (conf->x_fwd_for == x_fwd_on || (conf->x_fwd_for == x_fwd_reverse &&
PROXYREQ_REVERSE == r->proxyreq)) {
const char *buf;
/* Add X-Forwarded-For: so that the upstream has a chance to
@@ -711,7 +711,8 @@
/* Add X-Forwarded-Host: so that upstream knows what the
* original request hostname was.
*/
- if ((buf = apr_table_get(r->headers_in, "Host"))) {
+ buf = (PROXYREQ_REVERSE == r->proxyreq) ? apr_table_get(r->headers_in,
"Host") : r->hostname;
+ if (buf) {
apr_table_mergen(r->headers_in, "X-Forwarded-Host", buf);
}
Index: modules/proxy/mod_proxy.c
===================================================================
--- modules/proxy/mod_proxy.c (revision 512643)
+++ modules/proxy/mod_proxy.c (working copy)
@@ -870,6 +870,8 @@
ps->timeout_set = 0;
ps->badopt = bad_error;
ps->badopt_set = 0;
+ ps->x_fwd_for = x_fwd_reverse;
+ ps->x_fwd_for_set = 0;
ps->pool = p;
return ps;
@@ -913,6 +915,8 @@
ps->badopt_set = overrides->badopt_set || base->badopt_set;
ps->proxy_status = (overrides->proxy_status_set == 0) ? base->proxy_status
: overrides->proxy_status;
ps->proxy_status_set = overrides->proxy_status_set ||
base->proxy_status_set;
+ ps->x_fwd_for = (overrides->x_fwd_for_set == 0) ? base->x_fwd_for :
overrides->x_fwd_for;
+ ps->x_fwd_for_set = overrides->x_fwd_for_set || base->x_fwd_for_set;
ps->pool = p;
return ps;
}
@@ -1444,6 +1448,28 @@
return NULL;
}
+static const char*
+ set_x_fwd_for_opt(cmd_parms *parms, void *dummy, const char *arg)
+{
+ proxy_server_conf *psf =
+ ap_get_module_config(parms->server->module_config, &proxy_module);
+
+ if (strcasecmp(arg, "Off") == 0)
+ psf->x_fwd_for = x_fwd_off;
+ else if (strcasecmp(arg, "On") == 0)
+ psf->x_fwd_for = x_fwd_on;
+ else if (strcasecmp(arg, "ReverseOnly") == 0)
+ psf->x_fwd_for = x_fwd_reverse;
+ else {
+ return "ProxyAddXHeaders must be one of: "
+ "off | on | reverseonly";
+ }
+
+ psf->x_fwd_for_set = 1;
+ return NULL;
+}
+
+
static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
{
server_rec *s = cmd->server;
@@ -1728,6 +1754,8 @@
"A balancer name and scheme with list of params"),
AP_INIT_TAKE1("ProxyStatus", set_status_opt, NULL, RSRC_CONF,
"Configure Status: proxy status to one of: on | off | full"),
+ AP_INIT_TAKE1("ProxyAddXHeaders", set_x_fwd_for_opt, NULL, RSRC_CONF,
+ "Defines when X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server
headers are sent to backend"),
AP_INIT_RAW_ARGS("ProxySet", set_proxy_param, NULL, RSRC_CONF|ACCESS_CONF,
"A balancer or worker name with list of params"),
{NULL}
Index: modules/proxy/mod_proxy.h
===================================================================
--- modules/proxy/mod_proxy.h (revision 512643)
+++ modules/proxy/mod_proxy.h (working copy)
@@ -185,6 +185,12 @@
status_full
} proxy_status; /* Status display options */
char proxy_status_set;
+ enum {
+ x_fwd_on,
+ x_fwd_reverse,
+ x_fwd_off
+ } x_fwd_for;
+ char x_fwd_for_set;
apr_pool_t *pool; /* Pool used for allocating this struct */
} proxy_server_conf;
