Hello,
On 3/26/14, 10:10 AM, Bruno Prémont wrote:
Yeah, vanilla mod_rpaf-0.6 does not handle IPv6 addresses well.
Be careful with the patch you choose: some fix the textual
representation of REMOTE_ADDR but still break on Apache-side access
control (e.g. on mismatch between proxy connection address family and
header-passed address family).
The patch I'm using successfully here is inlined below.
Bruno
---
diff -NurpP a/mod_rpaf.c b/mod_rpaf.c
--- a/mod_rpaf.c 2014-02-17 09:21:08.278411786 +0100
+++ b/mod_rpaf.c 2014-02-17 10:20:18.083940819 +0100
@@ -173,6 +173,7 @@ static int change_remote_ip(request_rec
}
if (fwdvalue) {
+ apr_sockaddr_t *tmpsa;
rpaf_cleanup_rec *rcr = (rpaf_cleanup_rec *)apr_pcalloc(r->pool,
sizeof(rpaf_cleanup_rec));
apr_array_header_t *arr = apr_array_make(r->pool, 0,
sizeof(char*));
while (*fwdvalue && (val = ap_get_token(r->pool, &fwdvalue, 1))) {
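Review bot: `apr_sockaddr_t *tmpsa;` is declared without an initialiser at the top of the `if (fwdvalue)` block. It is only read after `apr_sockaddr_info_get` returns `APR_SUCCESS`, so it is safe as written, but initialising it to `NULL` keeps it safe if a later edit adds another use.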
@@ -184,7 +185,8 @@ static int change_remote_ip(request_rec
rcr->r = r;
apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup,
apr_pool_cleanup_null);
r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char
**)arr->elts)[((arr->nelts)-1)]);
- r->connection->remote_addr->sa.sin.sin_addr.s_addr =
apr_inet_addr(r->connection->remote_ip);
+ if (apr_sockaddr_info_get(&tmpsa, r->connection->remote_ip, APR_UNSPEC,
r->connection->remote_addr->port, 0, r->connection->remote_addr->pool) == APR_SUCCESS)
+ memcpy(r->connection->remote_addr, tmpsa,
sizeof(apr_sockaddr_t));
if (cfg->sethostname) {
const char *hostvalue;
if ((hostvalue = apr_table_get(r->headers_in,
"X-Forwarded-Host"))) {
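Review bot: in this hunk `r->connection->remote_ip` is overwritten before `apr_sockaddr_info_get` runs and the `if` has no else branch, so when the lookup fails the textual address comes from the header while `remote_addr` still holds the proxy's address. Consider doing the lookup first and assigning `remote_ip` only on `APR_SUCCESS` (or logging and leaving both untouched), so the string and the sockaddr used for access control never disagree. The `memcpy` of `sizeof(apr_sockaddr_t)` also copies the structure's internal pointers from `tmpsa`; that holds only because `tmpsa` is allocated from `r->connection->remote_addr->pool`, which deserves a comment.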
Thank you Bruno! I will try this a bit later, when things have settled
down here.
--
Jim Ohlstein
"Never argue with a fool, onlookers may not be able to tell the
difference." - Mark Twain
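
Added example, not part of either message and not mod_rpaf or APR code: the IPv4-only assignment the patch removes, next to a family-agnostic parse, using plain POSIX calls. `legacy_ipv4_only` and `set_client_addr` are hypothetical helpers, and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* "Before" shape: the forwarded text is forced into an IPv4 s_addr.
 * Returns 1 for an IPv4 literal, 0 otherwise (s_addr is then INADDR_NONE). */
static int legacy_ipv4_only(const char *text, struct sockaddr_in *out)
{
    memset(out, 0, sizeof(*out));
    out->sin_family = AF_INET;
    out->sin_addr.s_addr = inet_addr(text);
    return out->sin_addr.s_addr != INADDR_NONE;
}

/* Family-agnostic form (hypothetical helper): numeric literals only, so no
 * DNS lookup; *dst is replaced only on success. Returns the family or 0. */
static int set_client_addr(const char *text, unsigned short port,
                           struct sockaddr_storage *dst)
{
    struct addrinfo hints, *res = NULL;
    int family;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;        /* accept IPv4 or IPv6 */
    hints.ai_flags = AI_NUMERICHOST;    /* reject host names */
    hints.ai_socktype = SOCK_STREAM;    /* one result per literal */
    if (getaddrinfo(text, NULL, &hints, &res) != 0 || res == NULL)
        return 0;                       /* dst keeps the proxy's address */
    family = res->ai_family;
    memset(dst, 0, sizeof(*dst));
    memcpy(dst, res->ai_addr, res->ai_addrlen);
    if (family == AF_INET)
        ((struct sockaddr_in *)dst)->sin_port = htons(port);
    else
        ((struct sockaddr_in6 *)dst)->sin6_port = htons(port);
    freeaddrinfo(res);
    return family;
}

int main(void)
{
    /* Constructed inputs: documentation-range literals and a host name. */
    const char *samples[] = { "192.0.2.7", "2001:db8::1", "proxy.example" };
    struct sockaddr_storage ss;
    struct sockaddr_in sin;
    for (int i = 0; i < 3; i++)
        printf("%-14s legacy_ok=%d family=%d\n", samples[i],
               legacy_ipv4_only(samples[i], &sin),
               set_client_addr(samples[i], 80, &ss));
    return 0;
}
```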