mturk 2005/05/07 01:15:47 Modified: jk/native/apache-1.3 mod_jk.c jk/native/apache-2.0 mod_jk.c jk/native/common jk_global.h jk_version.h jk/xdocs changelog.xml jk/xdocs/config apache.xml Log: Added ForwardLocalAddress JkOptions flag. This can be used to limit the access to Tomcat using remote address valve with AJP protocol. Revision Changes Path 1.80 +28 -3 jakarta-tomcat-connectors/jk/native/apache-1.3/mod_jk.c Index: mod_jk.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/apache-1.3/mod_jk.c,v retrieving revision 1.79 retrieving revision 1.80 diff -u -r1.79 -r1.80 --- mod_jk.c 30 Apr 2005 06:02:49 -0000 1.79 +++ mod_jk.c 7 May 2005 08:15:47 -0000 1.80 @@ -65,6 +65,7 @@ #define JK_DURATION ("jakarta.worker.duration") #define JK_MAGIC_TYPE ("application/x-jakarta-servlet") #define NULL_FOR_EMPTY(x) ((x && !strlen(x)) ? NULL : x) +#define STRNULL_FOR_NULL(x) ((x) ? (x) : "(null)") /* * If you are not using SSL, comment out the following line. It will make @@ -447,8 +448,11 @@ (char *)ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_HOST); s->remote_host = NULL_FOR_EMPTY(s->remote_host); - - s->remote_addr = NULL_FOR_EMPTY(r->connection->remote_ip); + + if (conf->options & JK_OPT_FWDLOCAL) + s->remote_addr = NULL_FOR_EMPTY(r->connection->local_ip); + else + s->remote_addr = NULL_FOR_EMPTY(r->connection->remote_ip); /* get server name */ /* s->server_name = (char *)(r->hostname ? r->hostname : r->server->server_hostname); */ 
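Review bot: The new `JK_OPT_FWDLOCAL` branch in the apache-1.3 `@@ -447,8 +448,11` hunk needs a comment saying that the client address is no longer forwarded once the option is set, because `s->remote_addr` then carries `r->connection->local_ip`. Anything on the Tomcat side that logs or decides on the request's remote address would see only Apache's own address, and the value is a field supplied over AJP, so a filter built on it is only as strong as the restriction on who can reach the AJP port (an inference; the Tomcat side is not on this page). I would add `/* ForwardLocalAddress: Tomcat receives our local address as remote_addr; the client address is not forwarded */` above the `if` and brace both branches. The same branch is added in the apache-2.0 `@@ -474,21 +474,10` hunk, and the enclosing function starts and ends outside the hunk.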
@@ -468,6 +472,24 @@ s->no_more_chunks = 0; s->query_string = r->args; + /* Dump all connection param so we can trace what's going to + * the remote tomcat + */ + if (JK_IS_DEBUG_LEVEL(conf->log)) { + jk_log(conf->log, JK_LOG_DEBUG, + "Service protocol=%s method=%s host=%s addrr=%s name=%s port=%d auth=%s user=%s laddr=%s raddr=%s", + STRNULL_FOR_NULL(s->protocol), + STRNULL_FOR_NULL(s->method), + STRNULL_FOR_NULL(s->remote_host), + STRNULL_FOR_NULL(s->remote_addr), + STRNULL_FOR_NULL(s->server_name), + s->server_port, + STRNULL_FOR_NULL(s->auth_type), + STRNULL_FOR_NULL(s->remote_user), + STRNULL_FOR_NULL(r->connection->local_ip), + STRNULL_FOR_NULL(r->connection->remote_ip)); + } + /* * The 2.2 servlet spec errata says the uri from * HttpServletRequest.getRequestURI() should remain encoded. @@ -1478,6 +1500,9 @@ else if (!strcasecmp(w, "ForwardDirectories")) { opt = JK_OPT_FWDDIRS; } + else if (!strcasecmp(w, "ForwardLocalAddress")) { + opt = JK_OPT_FWDLOCAL; + } else return ap_pstrcat(cmd->pool, "JkOptions: Illegal option '", w, "'", NULL); 1.143 +27 -17 jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.c Index: mod_jk.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.c,v retrieving revision 1.142 retrieving revision 1.143 diff -u -r1.142 -r1.143 --- mod_jk.c 30 Apr 2005 06:02:19 -0000 1.142 +++ mod_jk.c 7 May 2005 08:15:47 -0000 1.143 @@ -99,7 +99,7 @@ #define JK_DURATION ("jakarta.worker.duration") #define JK_MAGIC_TYPE ("application/x-jakarta-servlet") #define NULL_FOR_EMPTY(x) ((x && !strlen(x)) ? NULL : x) - +#define STRNULL_FOR_NULL(x) ((x) ? (x) : "(null)") /* * If you are not using SSL, comment out the following line. It will make * apache run faster. 
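Review bot: The debug line added in the `@@ -468,6 +472,24` hunk writes request-derived strings such as `s->method` and `s->remote_user` with plain `%s`, so the log's integrity depends on `jk_log` escaping control characters, which is not visible here. If it does not, those values should be sanitised before they are logged. The label `addrr=` looks like a typo for `addr=`, and with ForwardLocalAddress set it prints the same value as `laddr=`, so the format would read better as `... host=%s fwdaddr=%s name=%s ...`. A short comment that this line records the authenticated user name and the client address would also help, since debug logs then need the same access control as the access log. The identical block is added in the apache-2.0 `@@ -513,6 +502,24` hunk.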
@@ -474,21 +474,10 @@ r->per_dir_config, REMOTE_HOST, NULL); s->remote_host = NULL_FOR_EMPTY(s->remote_host); - s->remote_addr = NULL_FOR_EMPTY(r->connection->remote_ip); - - /* Dump all connection param so we can trace what's going to - * the remote tomcat - */ - if (JK_IS_DEBUG_LEVEL(conf->log)) - jk_log(conf->log, JK_LOG_DEBUG, - "agsp=%u agsn=%s hostn=%s shostn=%s cbsport=%d sport=%d claport=%d", - ap_get_server_port(r), - ap_get_server_name(r) != NULL ? ap_get_server_name(r) : "", - r->hostname != NULL ? r->hostname : "", - r->server->server_hostname != - NULL ? r->server->server_hostname : "", - r->connection->base_server->port, r->server->port, - r->connection->local_addr->port); + if (conf->options & JK_OPT_FWDLOCAL) + s->remote_addr = NULL_FOR_EMPTY(r->connection->local_ip); + else + s->remote_addr = NULL_FOR_EMPTY(r->connection->remote_ip); /* get server name */ s->server_name = (char *)ap_get_server_name(r); @@ -513,6 +502,24 @@ s->query_string = r->args; #endif + /* Dump all connection param so we can trace what's going to + * the remote tomcat + */ + if (JK_IS_DEBUG_LEVEL(conf->log)) { + jk_log(conf->log, JK_LOG_DEBUG, + "Service protocol=%s method=%s host=%s addrr=%s name=%s port=%d auth=%s user=%s laddr=%s raddr=%s", + STRNULL_FOR_NULL(s->protocol), + STRNULL_FOR_NULL(s->method), + STRNULL_FOR_NULL(s->remote_host), + STRNULL_FOR_NULL(s->remote_addr), + STRNULL_FOR_NULL(s->server_name), + s->server_port, + STRNULL_FOR_NULL(s->auth_type), + STRNULL_FOR_NULL(s->remote_user), + STRNULL_FOR_NULL(r->connection->local_ip), + STRNULL_FOR_NULL(r->connection->remote_ip)); + } + /* * The 2.2 servlet spec errata says the uri from * HttpServletRequest.getRequestURI() should remain encoded. 
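Review bot: Port diagnostics are lost in the apache-2.0 `@@ -474,21 +474,10` hunk. It deletes the debug dump of `ap_get_server_port(r)`, `r->connection->base_server->port`, `r->server->port` and `r->connection->local_addr->port`, and the replacement dump added in `@@ -513,6 +502,24` logs only `s->server_port`. If those values are still wanted for tracing virtual-host or port mismatches, the new format could keep the local port by appending `lport=%d` with `r->connection->local_addr->port` as the argument. The enclosing function begins and ends outside both hunks.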
@@ -1515,6 +1522,9 @@ else if (!strcasecmp(w, "ForwardDirectories")) { opt = JK_OPT_FWDDIRS; } + else if (!strcasecmp(w, "ForwardLocalAddress")) { + opt = JK_OPT_FWDLOCAL; + } else return apr_pstrcat(cmd->pool, "JkOptions: Illegal option '", w, "'", NULL); 1.48 +3 -1 jakarta-tomcat-connectors/jk/native/common/jk_global.h Index: jk_global.h =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_global.h,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- jk_global.h 21 Apr 2005 11:18:44 -0000 1.47 +++ jk_global.h 7 May 2005 08:15:47 -0000 1.48 @@ -207,6 +207,8 @@ #define JK_OPT_FWDKEYSIZE 0x0004 #define JK_OPT_FWDDIRS 0x0008 +/* Forward local instead remote address */ +#define JK_OPT_FWDLOCAL 0x0010 /* Check for EBCDIC systems */ 1.40 +2 -2 jakarta-tomcat-connectors/jk/native/common/jk_version.h Index: jk_version.h =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_version.h,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- jk_version.h 28 Apr 2005 18:09:28 -0000 1.39 +++ jk_version.h 7 May 2005 08:15:47 -0000 1.40 @@ -32,7 +32,7 @@ #define JK_VERBETA 0 #define JK_BETASTRING "0" /* set JK_VERISRELEASE to 1 when release (do not forget to commit!) */ -#define JK_VERISRELEASE 0 +#define JK_VERISRELEASE 1 #define JK_VERRC 0 #define JK_RCSTRING "0" 1.29 +4 -0 jakarta-tomcat-connectors/jk/xdocs/changelog.xml Index: changelog.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jk/xdocs/changelog.xml,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- changelog.xml 5 May 2005 15:59:10 -0000 1.28 +++ changelog.xml 7 May 2005 08:15:47 -0000 1.29 
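Review bot: The comment on `JK_OPT_FWDLOCAL` in the jk_global.h `@@ -207,6 +207,8` hunk should say what the flag does to the forwarded request rather than only name it. Something like `/* Send the server's local address as remote_addr; the client address is then not forwarded to Tomcat */` tells a reader of the header that enabling the option hides client addresses from the backend. The value `0x0010` follows the visible `0x0004` and `0x0008` entries, so no collision shows in the hunk.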
@@ -25,6 +25,10 @@ <br /> <subsection name="Native"> <changelog> + <update> + Added ForwardLocallAddres JkOptions flag for passing local instead remote + address. Useful for remote addr valve. (mturk) + </update> <fix>Fix that worker not used, when stopped flag is true. (pero) </fix> <update> 1.12 +14 -0 jakarta-tomcat-connectors/jk/xdocs/config/apache.xml Index: apache.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jk/xdocs/config/apache.xml,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- apache.xml 23 Feb 2005 08:10:20 -0000 1.11 +++ apache.xml 7 May 2005 08:15:47 -0000 1.12 @@ -310,6 +310,20 @@ </p> <p> +JkOptions <b>ForwardLocalAddress</b>, you told mod_jk to send the local address, +of the Apache web server instead remote client address. This can be used by +Tomcat remote address valve for allowing connections only from registered Apache +web servers. + +<source> + JkOptions +ForwardLocalAddress +</source> + +<br/> +<br/> +</p> + +<p> The directive <b>JkEnvVar</b> allow you to forward an environment vars from Apache server to Tomcat engine. <source>