You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ig...@apache.org on 2011/01/19 13:48:17 UTC

svn commit: r1060795 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_proxy.xml modules/proxy/mod_proxy.c modules/proxy/mod_proxy.h modules/proxy/mod_proxy_http.c

Author: igalic
Date: Wed Jan 19 12:48:17 2011
New Revision: 1060795

URL: http://svn.apache.org/viewvc?rev=1060795&view=rev
Log:
Add a patch from Vincent Deffontaines to make the adding of X-forwarded-*
headers configurable: ProxyAddHeaders, defaulting to 'On'.
http://www.mail-archive.com/dev@httpd.apache.org/msg49971.html

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml
    httpd/httpd/trunk/modules/proxy/mod_proxy.c
    httpd/httpd/trunk/modules/proxy/mod_proxy.h
    httpd/httpd/trunk/modules/proxy/mod_proxy_http.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1060795&r1=1060794&r2=1060795&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Jan 19 12:48:17 2011
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.11
 
+  *) mod_proxy_http: make adding of X-Forwarded-* headers configurable.
+     ProxyAddHeaders defaults to On. [Vincent Deffontaines]
+
   *) mod_slotmem_shm: Increase memory alignment for slotmem data.
      [Rainer Jung]
 

Modified: httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml?rev=1060795&r1=1060794&r2=1060795&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml Wed Jan 19 12:48:17 2011
@@ -1702,4 +1702,25 @@ header for proxied requests</description
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>ProxyAddHeaders</name>
+<description>Add proxy information in X-Forwarded-* headers</description>
+<syntax>ProxyAddHeaders Off|On</syntax>
+<default>ProxyAddHeaders On</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+</contextlist>
+<compatibility>Available in version 2.3.10 and later</compatibility>
+
+<usage>
+    <p>This directive determines whether or not proxy related information should be passed to the
+    backend server through X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server HTTP headers.</p>
+    <note><title>Effectiveness</title>
+     <p>This option is of use only for HTTP proxying, as handled by <module>mod_proxy_http</module>.</p>
+    </note>
+
+
+</usage>
+</directivesynopsis>
 </modulesynopsis>

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?rev=1060795&r1=1060794&r2=1060795&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy.c Wed Jan 19 12:48:17 2011
@@ -1246,6 +1246,7 @@ static void *create_proxy_dir_config(apr
     new->interpolate_env = -1; /* unset */
     new->error_override = 0;
     new->error_override_set = 0;
+    new->add_forwarded_headers = 1;
 
     return (void *) new;
 }
@@ -1278,6 +1279,7 @@ static void *merge_proxy_dir_config(apr_
     new->error_override_set = add->error_override_set || base->error_override_set;
     new->alias = (add->alias_set == 0) ? base->alias : add->alias;
     new->alias_set = add->alias_set || base->alias_set;
+    new->add_forwarded_headers = add->add_forwarded_headers;
     return new;
 }
 
@@ -1709,6 +1711,13 @@ static const char *
     return NULL;
 }
 static const char *
+   add_proxy_http_headers(cmd_parms *parms, void *dconf, int flag)
+{
+   proxy_dir_conf *conf = dconf;
+   conf->add_forwarded_headers = flag;
+   return NULL;
+}
+static const char *
     set_preserve_host(cmd_parms *parms, void *dconf, int flag)
 {
     proxy_dir_conf *conf = dconf;
@@ -2225,6 +2234,8 @@ static const command_rec proxy_cmds[] =
      "A balancer or worker name with list of params"),
     AP_INIT_TAKE1("ProxySourceAddress", set_source_address, NULL, RSRC_CONF,
      "Configure local source IP used for request forward"),
+    AP_INIT_FLAG("ProxyAddHeaders", add_proxy_http_headers, NULL, RSRC_CONF|ACCESS_CONF,
+     "on if X-Forwarded-* headers should be added or completed"),
     {NULL}
 };
 

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.h?rev=1060795&r1=1060794&r2=1060795&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy.h (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy.h Wed Jan 19 12:48:17 2011
@@ -206,6 +206,7 @@ typedef struct {
     int preserve_host_set:1;
     int error_override_set:1;
     int alias_set:1;
+    int add_forwarded_headers:1;
 } proxy_dir_conf;
 
 /* if we interpolate env vars per-request, we'll need a per-request

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?rev=1060795&r1=1060794&r2=1060795&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_http.c Wed Jan 19 12:48:17 2011
@@ -851,29 +851,30 @@ int ap_proxy_http_request(apr_pool_t *p,
      * a forward proxy configuation instead of X-Forwarded-*. See the
      * ProxyVia option for details.
      */
-
-    if (PROXYREQ_REVERSE == r->proxyreq) {
-        const char *buf;
-
-        /* Add X-Forwarded-For: so that the upstream has a chance to
-         * determine, where the original request came from.
-         */
-        apr_table_mergen(r->headers_in, "X-Forwarded-For",
-                         c->remote_ip);
-
-        /* Add X-Forwarded-Host: so that upstream knows what the
-         * original request hostname was.
-         */
-        if ((buf = apr_table_get(r->headers_in, "Host"))) {
-            apr_table_mergen(r->headers_in, "X-Forwarded-Host", buf);
-        }
-
-        /* Add X-Forwarded-Server: so that upstream knows what the
-         * name of this proxy server is (if there are more than one)
-         * XXX: This duplicates Via: - do we strictly need it?
-         */
-        apr_table_mergen(r->headers_in, "X-Forwarded-Server",
-                         r->server->server_hostname);
+    if (dconf->add_forwarded_headers) {
+       if (PROXYREQ_REVERSE == r->proxyreq) {
+           const char *buf;
+
+           /* Add X-Forwarded-For: so that the upstream has a chance to
+            * determine, where the original request came from.
+            */
+           apr_table_mergen(r->headers_in, "X-Forwarded-For",
+                            c->remote_ip);
+
+           /* Add X-Forwarded-Host: so that upstream knows what the
+            * original request hostname was.
+            */
+           if ((buf = apr_table_get(r->headers_in, "Host"))) {
+               apr_table_mergen(r->headers_in, "X-Forwarded-Host", buf);
+           }
+
+           /* Add X-Forwarded-Server: so that upstream knows what the
+            * name of this proxy server is (if there are more than one)
+            * XXX: This duplicates Via: - do we strictly need it?
+            */
+           apr_table_mergen(r->headers_in, "X-Forwarded-Server",
+                            r->server->server_hostname);
+       }
     }
 
     proxy_run_fixups(r);