Posted to dev@httpd.apache.org by Federico Mennite <fe...@lifeware.ch> on 2003/03/22 22:10:07 UTC

New patch for preventing reverse lookups mod_proxy

Hi,
as suggested a while back (I've been a bit busy) by members of this list 
I changed the patch so that mod_proxy respects HostnameLookups when 
dealing with reverse lookups.

I'm not happy with it though, because I had to add an API function to the 
Apache core. Since I'm quite new to Apache internals here's a question:
Is there an alternative path to follow? If not, what about an API 
function similar to ap_get_remote_logname() but that instead of 
returning a string, works with the same kind of parameters of 
*ap_proxy_host2addr()?

Notes:
- in proxy_util.c/proxy_match_ipaddr(): the call to ap_proxy_host2addr() 
has been forced to reverse lookups independently from configuration 
settings. Otherwise when the parameter for NoProxy is an IP address, it 
wouldn't have the same matching it had previously. I think though, it 
could be made configuration dependent.
- in proxy_util.c/ap_proxy_is_hostname(): the call to 
ap_proxy_host2addr() has been forced to NOT perform any reverse lookups. 
It simply doesn't make sense unless I'm missing something.
- in mod_proxy.c/set_proxy_exclude() and set_cache_exclude(): the calls 
to ap_proxy_host2addr() depend on configuration. Probably they could be 
forced to NO reverse lookups.

Regards.

--
Federico Mennite


Re: New patch for preventing reverse lookups mod_proxy

Posted by Graham Leggett <mi...@sharp.fm>.
Federico Mennite wrote:

> as suggested a while back (I've been a bit busy) by members of this list 
> I changed the patch so that mod_proxy respects HostnameLookups when 
> dealing with reverse lookups.
> 
> I'm not happy with it though, because I had to add an API function to the 
> Apache core. Since I'm quite new to Apache internals here's a question:
> Is there an alternative path to follow? If not, what about an API 
> function similar to ap_get_remote_logname() but that instead of 
> returning a string, works with the same kind of parameters of 
> *ap_proxy_host2addr()?
> 
> Notes:
> - in proxy_util.c/proxy_match_ipaddr(): the call to ap_proxy_host2addr() 
> has been forced to reverse lookups independently from configuration 
> settings. Otherwise when the parameter for NoProxy is an IP address, it 
> wouldn't have the same matching it had previously. I think though, it 
> could be made configuration dependent.
> - in proxy_util.c/ap_proxy_is_hostname(): the call to 
> ap_proxy_host2addr() has been forced to NOT perform any reverse lookups. 
> It simply doesn't make sense unless I'm missing something.
> - in mod_proxy.c/set_proxy_exclude() and set_cache_exclude(): the calls 
> to ap_proxy_host2addr() depend on configuration. Probably they could be 
> forced to NO reverse lookups.

Has anyone else got opinions on this? Much of the lookup code in proxy 
was left unaltered from when it was originally written, and in theory 
this patch seems sane, though I wouldn't be able to be sure as I didn't 
overhaul this particular code.

So far I am +1 on this.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."