Author: rjung
Date: Sun Feb  9 16:40:28 2014
New Revision: 1566311

URL: http://svn.apache.org/r1566311
Log:
Introduce new JkOptions ForwardPhysicalAddress.
By default mod_jk will now forward the logical IP
address as provided e.g. by mod_remote_ip.
If JkOptions ForwardPhysicalAddress is set, it will
instead forward the physical IP address of the TCP peer.

Modified:
    tomcat/jk/trunk/native/apache-2.0/mod_jk.c
    tomcat/jk/trunk/native/common/jk_global.h
    tomcat/jk/trunk/xdocs/generic_howto/proxy.xml
    tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
    tomcat/jk/trunk/xdocs/reference/apache.xml
    tomcat/jk/trunk/xdocs/webserver_howto/apache.xml

Modified: tomcat/jk/trunk/native/apache-2.0/mod_jk.c
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/apache-2.0/mod_jk.c?rev=1566311&r1=1566310&r2=1566311&view=diff
==============================================================================
--- tomcat/jk/trunk/native/apache-2.0/mod_jk.c (original)
+++ tomcat/jk/trunk/native/apache-2.0/mod_jk.c Sun Feb  9 16:40:28 2014
@@ -785,8 +785,13 @@ static int init_ws_service(apache_privat
     }
     else {
 #if (MODULE_MAGIC_NUMBER_MAJOR >= 20111130)
-        s->remote_addr = r->connection->client_ip;
-        s->remote_port = apr_itoa(r->pool, r->connection->client_addr->port);
+        if (conf->options & JK_OPT_FWDPHYSICAL) {
+            s->remote_addr = r->connection->client_ip;
+            s->remote_port = apr_itoa(r->pool, 
r->connection->client_addr->port);
+        } else {
+            s->remote_addr = r->useragent_ip;
+            s->remote_port = apr_itoa(r->pool, r->useragent_addr->port);
+        }
 #else
         s->remote_addr = r->connection->remote_ip;
         s->remote_port = apr_itoa(r->pool, r->connection->remote_addr->port);
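Review bot: The new `else` arm makes `r->useragent_ip` the default for `s->remote_addr` on httpd 2.4, so after an upgrade the address Tomcat receives can be header-derived (per the commit log, e.g. via mod_remoteip) rather than the TCP peer, with no configuration change. Anything on the Tomcat side that authorises by remote address (the docs in this commit mention the remote address valve) is then only as trustworthy as the web server's trusted-proxy configuration. I would put a comment above the branch saying so, e.g. `/* Default: logical client address (may be header-derived via mod_remoteip); ForwardPhysicalAddress restores the TCP peer address. */`, and mark the changelog entry as a changed default. init_ws_service starts and ends outside the hunk.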
@@ -1101,7 +1106,7 @@ static int init_ws_service(apache_privat
      */
     if (JK_IS_DEBUG_LEVEL(conf->log)) {
         jk_log(conf->log, JK_LOG_DEBUG,
-               "Service protocol=%s method=%s ssl=%s host=%s addr=%s name=%s 
port=%d auth=%s user=%s laddr=%s raddr=%s uri=%s",
+               "Service protocol=%s method=%s ssl=%s host=%s addr=%s name=%s 
port=%d auth=%s user=%s laddr=%s raddr=%s uaddr=%s uri=%s",
                STRNULL_FOR_NULL(s->protocol),
                STRNULL_FOR_NULL(s->method),
                s->is_ssl ? "true" : "false",
@@ -1114,8 +1119,10 @@ static int init_ws_service(apache_privat
                STRNULL_FOR_NULL(r->connection->local_ip),
 #if (MODULE_MAGIC_NUMBER_MAJOR >= 20111130)
                STRNULL_FOR_NULL(r->connection->client_ip),
+               STRNULL_FOR_NULL(r->useragent_ip),
 #else
                STRNULL_FOR_NULL(r->connection->remote_ip),
+               STRNULL_FOR_NULL(r->connection->remote_ip),
 #endif
                STRNULL_FOR_NULL(s->req_uri));
     }
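Review bot: In the `#else` arm the added argument repeats `r->connection->remote_ip`, so on pre-2.4 builds `raddr=` and `uaddr=` always print the same value, and nothing on the line says this is deliberate. A short comment would help, e.g. `/* no separate user-agent address before httpd 2.4: uaddr repeats raddr */`. The matching `uaddr=%s` was added to the format string in the previous hunk (-1101,7). Both preprocessor arms add exactly one argument, so the count still matches, but the format string and both arms must be kept in step on any later edit.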
@@ -2206,6 +2213,11 @@ static const char *jk_set_options(cmd_pa
         }
         else if (!strcasecmp(w, "ForwardLocalAddress")) {
             opt = JK_OPT_FWDLOCAL;
+            mask = JK_OPT_FWDADDRMASK;
+        }
+        else if (!strcasecmp(w, "ForwardPhysicalAddress")) {
+            opt = JK_OPT_FWDPHYSICAL;
+            mask = JK_OPT_FWDADDRMASK;
         }
         else if (!strcasecmp(w, "FlushPackets")) {
             opt = JK_OPT_FLUSHPACKETS;
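Review bot: Both `ForwardLocalAddress` and `ForwardPhysicalAddress` now set `mask = JK_OPT_FWDADDRMASK`, which presumably makes them mutually exclusive with the later one winning, but neither the code nor the documentation added in this commit says so. How `mask` is applied lies outside the hunk. If it clears the masked bits regardless of the `+`/`-` prefix, `JkOptions -ForwardPhysicalAddress` would also drop an earlier `ForwardLocalAddress`, which is worth checking. I would add a comment at the first assignment, e.g. `/* address options are mutually exclusive: the last one given replaces the other */`, and state the precedence in the reference docs. jk_set_options starts and ends outside the hunk.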

Modified: tomcat/jk/trunk/native/common/jk_global.h
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_global.h?rev=1566311&r1=1566310&r2=1566311&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_global.h (original)
+++ tomcat/jk/trunk/native/common/jk_global.h Sun Feb  9 16:40:28 2014
@@ -251,6 +251,7 @@ extern "C"
  */
 
 #define JK_OPT_FWDURIMASK           0x0007
+#define JK_OPT_FWDADDRMASK          0x0810
 
 #define JK_OPT_FWDURICOMPAT         0x0001
 #define JK_OPT_FWDURICOMPATUNPARSED 0x0002
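Review bot: `JK_OPT_FWDADDRMASK` is written as the bare literal `0x0810`, which hides the flags it covers. `0x0800` is the new `JK_OPT_FWDPHYSICAL`, and `0x0010` is presumably `JK_OPT_FWDLOCAL`, defined outside this hunk. Writing it as `#define JK_OPT_FWDADDRMASK (JK_OPT_FWDLOCAL | JK_OPT_FWDPHYSICAL)` keeps the mask correct if either bit is renumbered; macros expand at the point of use, so defining it above its constituents is fine. If the bare-literal style of `JK_OPT_FWDURIMASK` is to be kept, a comment naming the two flags would do.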
@@ -268,6 +269,9 @@ extern "C"
 #define JK_OPT_FWDCERTCHAIN         0x0100
 #define JK_OPT_FWDKEYSIZE           0x0200
 #define JK_OPT_REJECTUNSAFE         0x0400
+/* Forward physical tcp peer address instead of
+ * client address as provided e.g. by httpd mod_remoteip. */
+#define JK_OPT_FWDPHYSICAL          0x0800
 
 #define JK_OPT_DEFAULT              (JK_OPT_FWDURIDEFAULT | JK_OPT_FWDKEYSIZE)
 

Modified: tomcat/jk/trunk/xdocs/generic_howto/proxy.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/generic_howto/proxy.xml?rev=1566311&r1=1566310&r2=1566311&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/generic_howto/proxy.xml (original)
+++ tomcat/jk/trunk/xdocs/generic_howto/proxy.xml Sun Feb  9 16:40:28 2014
@@ -188,10 +188,15 @@ For the details see the <a href="../refe
 </p>
 <p>All variables, that are not SSL-related have only been introduced in 
version 1.2.27.
 </p>
-<p>Finally there is a shortcut to forward the local IP of the web server as 
the remote IP.
-This can be useful, e.g. when using the Tomcat remote address valve for 
allowing connections
-only from registered Apache web servers. This feature is activated by setting
-<code>JkOptions ForwardLocalAddress</code>.
+<p>In addition there are two special shortcuts to influence the client IP 
address that is forwarded.
+Using <code>JkOptions ForwardLocalAddress</code> you can forward the local IP 
address of the web server
+as the client IP address. This can be useful, e.g. when using the Tomcat 
remote address valve for
+allowing connections only from registered Apache web servers.
+Using <code>JkOptions ForwardPhysicalAddress</code> you always forward the 
physical peer
+IP address as the client address. By default mod_jk
+uses the logical address as provided by the web server. For example the module
+mod_remoteip sets the logical IP address to the client IP forwarded by proxies
+in the <code>X-Forwarded-For</code> header.
 </p>
 </section>
 <section name="Tomcat AJP Connector Settings">

Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=1566311&r1=1566310&r2=1566311&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Sun Feb  9 16:40:28 2014
@@ -69,6 +69,11 @@
         Use max_packet_size also for request body forwarding. (rjung)
       </update>
       <update>
+        Apache 2.4: By default forward logical client address as provided by
+        mod_remoteip. When setting JkOptions ForwardPhysicalAddress mod_jk
+        will instead forward the physical peer address. (rjung)
+      </update>
+      <update>
         Minor documentation improvements. (rjung)
       </update>
     </changelog>

Modified: tomcat/jk/trunk/xdocs/reference/apache.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/reference/apache.xml?rev=1566311&r1=1566310&r2=1566311&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/reference/apache.xml (original)
+++ tomcat/jk/trunk/xdocs/reference/apache.xml Sun Feb  9 16:40:28 2014
@@ -793,7 +793,7 @@ file that Tomcat normally serves - for i
 </p>
 
 <p>
-JkOptions <b>ForwardLocalAddress</b>, you ask mod_jk to send the local address,
+Setting JkOptions <b>ForwardLocalAddress</b>, you ask mod_jk to send the local 
address,
 of the Apache web server instead remote client address. This can be used by
 Tomcat remote address valve for allowing connections only from registered 
Apache
 web servers.
@@ -801,7 +801,20 @@ web servers.
 <source>  
   JkOptions     +ForwardLocalAddress
 </source>
+<br/>
+<br/>
+</p>
 
+<p>
+Setting JkOptions <b>ForwardPhysicalAddress</b>, you ask mod_jk to send the
+physical peer TCP IP address as the client address. By default mod_jk
+uses the logical address as provided by the web server. For example the module
+mod_remoteip sets the logical IP address to the client IP forwarded by proxies
+in the <code>X-Forwarded-For</code> header.
+
+<source>  
+  JkOptions     +ForwardPhysicalAddress
+</source>
 <br/>
 <br/>
 </p>

Modified: tomcat/jk/trunk/xdocs/webserver_howto/apache.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/webserver_howto/apache.xml?rev=1566311&r1=1566310&r2=1566311&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/webserver_howto/apache.xml (original)
+++ tomcat/jk/trunk/xdocs/webserver_howto/apache.xml Sun Feb  9 16:40:28 2014
@@ -611,7 +611,7 @@ file that Tomcat normally serves - for i
 </p>
 
 <p>
-JkOptions <b>ForwardLocalAddress</b>, you ask mod_jk to send the local address,
+Setting JkOptions <b>ForwardLocalAddress</b>, you ask mod_jk to send the local 
address,
 of the Apache web server instead remote client address. This can be used by
 Tomcat remote address valve for allowing connections only from registered 
Apache
 web servers.
@@ -619,7 +619,20 @@ web servers.
 <source>
   JkOptions     +ForwardLocalAddress
 </source>
+<br/>
+<br/>
+</p>
 
+<p>
+Setting JkOptions <b>ForwardPhysicalAddress</b>, you ask mod_jk to send the
+physical peer TCP IP address as the client address. By default mod_jk
+uses the logical address as provided by the web server. For example the module
+mod_remoteip sets the logical IP address to the client IP forwarded by proxies
+in the <code>X-Forwarded-For</code> header.
+
+<source>
+  JkOptions     +ForwardPhysicalAddress
+</source>
 <br/>
 <br/>
 </p>


