You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Federico Mennite <fe...@lifeware.ch> on 2003/03/22 22:10:07 UTC
New patch for preventing reverse lookups mod_proxy
Hi,
as suggested a while back (I've been a bit busy) by members of this list
I changed the patch so that mod_proxy respects HostnameLookups when
dealing reverse lookups.
I'm not happy with it tough, because I had to add an API funtcion to the
apache core. Since i'm quite new to apache internals here's a question:
Is there an alternative path to follow? If not, what about an API
function similar to ap_get_remote_logname() but that instead of
returning a string, works with the same kind of parameters of
*ap_proxy_host2addr()?
Notes:
- in proxy_util.c/proxy_match_ipaddr(): the call to ap_proxy_host2addr()
has been forced to reverse lookups indipendently from configuration
settings. Otherwhise when the parameter for NoProxy is an IP address, it
wouldn't have the same matching it had previously. I think tough, it
could be made configuration dependent.
- in proxy_util.c/ap_proxy_is_hostname(): the call to
ap_proxy_host2addr() has been forced to NOT perform any reverse lookups.
It simply doesn't make sense unless I'm missing something.
- in mod_proxy.c/set_proxy_exclude() and set_cache_exclude(): the calls
to ap_proxy_host2addr() depend on configuration. Probably they could be
forced to NO reverse lookups.
Regards.
--
Federico Mennite
Re: New patch for preventing reverse lookups mod_proxy
Posted by Graham Leggett <mi...@sharp.fm>.
Federico Mennite wrote:
> as suggested a while back (I've been a bit busy) by members of this list
> I changed the patch so that mod_proxy respects HostnameLookups when
> dealing reverse lookups.
>
> I'm not happy with it tough, because I had to add an API funtcion to the
> apache core. Since i'm quite new to apache internals here's a question:
> Is there an alternative path to follow? If not, what about an API
> function similar to ap_get_remote_logname() but that instead of
> returning a string, works with the same kind of parameters of
> *ap_proxy_host2addr()?
>
> Notes:
> - in proxy_util.c/proxy_match_ipaddr(): the call to ap_proxy_host2addr()
> has been forced to reverse lookups indipendently from configuration
> settings. Otherwhise when the parameter for NoProxy is an IP address, it
> wouldn't have the same matching it had previously. I think tough, it
> could be made configuration dependent.
> - in proxy_util.c/ap_proxy_is_hostname(): the call to
> ap_proxy_host2addr() has been forced to NOT perform any reverse lookups.
> It simply doesn't make sense unless I'm missing something.
> - in mod_proxy.c/set_proxy_exclude() and set_cache_exclude(): the calls
> to ap_proxy_host2addr() depend on configuration. Probably they could be
> forced to NO reverse lookups.
Has anyone else got opinions on this? Much of the lookup code in proxy
was left unaltered from when it was originally written, and in theory
this patch seems sane, though I wouldn't be able to be sure as I didn't
overhaul this particular code.
So far I am +1 on this.
Regards,
Graham
--
-----------------------------------------
minfrin@sharp.fm "There's a moon
over Bourbon Street
tonight..."