You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Jeff Trawick <tr...@gmail.com> on 2005/06/15 20:06:17 UTC

Re: [PATCH] ProxyRemote + ProxyBlock oddness

On 4/25/05, Eric Covener <co...@gmail.com> wrote:

> I've attached a patch that resolves the hostname in the URI and hands
> that off separately to ap_proxy_checkproxyblock().   Not quite sure of
> the pool usage though.

pool looks right to me...

> 
> In the event that we're forwarding to another proxy and no ProxyBlocks
> are in the config, the lookup of the URI hostname is avoided.

This part is in your somewhat-related 2.0 proxy fix as well:

+    if (conf->noproxies->nelts > 0)  {
+            err = apr_sockaddr_info_get(&uri_addr,

I think there should be a helper function ap_proxy_hasproxyblock() to
perform this check, so that the knowledge of that data structure is
restricted.

Any comments from the peanut gallery, particularly the proxy portion?

Re: [PATCH] ProxyRemote + ProxyBlock oddness

Posted by Jeff Trawick <tr...@gmail.com>.

On 10/3/05, Eric Covener <co...@gmail.com> wrote:
> On 6/15/05, Jeff Trawick <tr...@gmail.com> wrote:
> > On 4/25/05, Eric Covener <co...@gmail.com> wrote:
> >
> > > I've attached a patch that resolves the hostname in the URI and hands
> > > that off separately to ap_proxy_checkproxyblock().
>
> > Any comments from the peanut gallery, particularly the proxy portion?
>
> Just revisiting this issue that still appears in 2.1.8...when proxying
> by way of another proxy (ProxyRemote), httpd will compare that
> ProxyRemote backend address to the list of ProxyBlocks. It should
> compare the address in the URI.

unclear to me that uri_addr is always set in this patch (probably I'm
confused, but hints would be appreciated)

Re: [PATCH] ProxyRemote + ProxyBlock oddness

Posted by Eric Covener <co...@gmail.com>.

On 6/15/05, Jeff Trawick <tr...@gmail.com> wrote:
> On 4/25/05, Eric Covener <co...@gmail.com> wrote:
>
> > I've attached a patch that resolves the hostname in the URI and hands
> > that off separately to ap_proxy_checkproxyblock().

> Any comments from the peanut gallery, particularly the proxy portion?

Just revisiting this issue that still appears in 2.1.8...when proxying
by way of another proxy (ProxyRemote), httpd will compare that
ProxyRemote backend address to the list of ProxyBlocks. It should
compare the address in the URI.

<VirtualHost *:8080>
    ProxyRequests on
    ProxyRemote * http://nextproxy:8081
   ProxyBlock blockedhost
</VirtualHost>

When a browser requests something from the server 'blockedhost':

[debug] proxy_util.c(872): proxy: checking remote machine [nextproxy]
against [blockedhost]

Would expect to see a check of blockedhost against blockedhost, as in 2.0

--
Eric Covener
covener@gmail.com