[Bug 60251] mod_remoteip discards additional address when mod_rewrite rule is triggered

2018-05-05 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60251

Nicholas Sherlock  changed:

   What|Removed |Added

 CC||n.sherl...@gmail.com

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 60251] mod_remoteip discards additional address when mod_rewrite rule is triggered

2018-03-27 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60251

--- Comment #4 from Christophe JAILLET  ---
This has been fixed in 2.4.x in r1767483 and is part of 2.4.24.

I still leave it open because of Eric's last comment.
Should anyone want to check and apply the proposed clean-up.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 60251] mod_remoteip discards additional address when mod_rewrite rule is triggered

2016-10-14 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60251

--- Comment #3 from Eric Covener  ---
(In reply to Ari Pringle from comment #2)
> I compiled the latest version of mod_remoteip.c from the github mirror, and
> this problem seems to be resolved. I believe it was fixed in commit r1688399
> from June 2015, although that appears not to have made it into the any httpd
> releases yet (as of 2.4.23): 
> https://mail-archives.apache.org/mod_mbox/httpd-cvs/201506.mbox/
> %3c20150630084017.c9616ac0...@hades.apache.org%3E
> 
> Any idea when this might make its way into a release?

Looks like it was not backported.  Will propose it shortly

-temp_sa = c->client_addr;
+temp_sa = r->useragent_addr ? r->useragent_addr : c->client_addr;

I think this simplifies to just r->useragent_addr since r->useragent_addr
starts out life as a copy of c->client_addr (ap_read_request)

AP_DECLARE(const char *) ap_get_useragent_host(request_rec *r,
   int type, int *str_is_ip)
{
conn_rec *conn = r->connection;
int hostname_lookups;
int ignored_str_is_ip;

/* Guard here when examining the host before the read_request hook
 * has populated an r->useragent_addr
 */
if (!r->useragent_addr || (r->useragent_addr == conn->client_addr)) { 

This also seems to be a little misleading in kind of the same way.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 60251] mod_remoteip discards additional address when mod_rewrite rule is triggered

2016-10-14 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60251

--- Comment #2 from Ari Pringle  ---
I compiled the latest version of mod_remoteip.c from the github mirror, and
this problem seems to be resolved. I believe it was fixed in commit r1688399
from June 2015, although that appears not to have made it into the any httpd
releases yet (as of 2.4.23): 
https://mail-archives.apache.org/mod_mbox/httpd-cvs/201506.mbox/%3c20150630084017.c9616ac0...@hades.apache.org%3E

Any idea when this might make its way into a release?

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 60251] mod_remoteip discards additional address when mod_rewrite rule is triggered

2016-10-13 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60251

Jay Klehr  changed:

   What|Removed |Added

 CC||j...@diablomedia.com

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 60251] mod_remoteip discards additional address when mod_rewrite rule is triggered

2016-10-13 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60251

--- Comment #1 from Ari Pringle  ---
I enabled LogLevel rewrite:trace8 remoteip:trace8 on the system, and included
the error log output below. It seems that mod_remoteip is getting executed
again after mod_rewrite performs the INTERNAL_REDIRECT, and presumably working
on already-modified X-Forwarded-For header. Would it be feasible to detect if
such a redirect has happened and not re-process the request in that case?

This case seems similar to this patch:
https://bz.apache.org/bugzilla/show_bug.cgi?id=49839

For what it's worth, a colleague of mine noted that the code from the above
patch doesn't seem to exist in the current mod_remoteip.c source.

---

[Thu Oct 13 21:19:29.913894 2016] [remoteip:trace1] [pid 37]
mod_remoteip.c(423): [client 3.3.3.3:53539] Using 3.3.3.3 as client's IP by
proxies 100.100.100.1
[Thu Oct 13 21:19:29.914754 2016] [rewrite:trace3] [pid 37] mod_rewrite.c(477):
[client 3.3.3.3:53539] 3.3.3.3 - -
[localhost/sid#7f85f6945470][rid#7f85f68bd0a0/initial] [perdir /app/httpdocs/]
strip per-dir prefix: /app/httpdocs/invalidurl -> invalidurl
[Thu Oct 13 21:19:29.914771 2016] [rewrite:trace3] [pid 37] mod_rewrite.c(477):
[client 3.3.3.3:53539] 3.3.3.3 - -
[localhost/sid#7f85f6945470][rid#7f85f68bd0a0/initial] [perdir /app/httpdocs/]
applying pattern '^.*$' to uri 'invalidurl'
[Thu Oct 13 21:19:29.914853 2016] [rewrite:trace4] [pid 37] mod_rewrite.c(477):
[client 3.3.3.3:53539] 3.3.3.3 - -
[localhost/sid#7f85f6945470][rid#7f85f68bd0a0/initial] [perdir /app/httpdocs/]
RewriteCond: input='/app/httpdocs/invalidurl' pattern='!-s' => matched
[Thu Oct 13 21:19:29.914863 2016] [rewrite:trace2] [pid 37] mod_rewrite.c(477):
[client 3.3.3.3:53539] 3.3.3.3 - -
[localhost/sid#7f85f6945470][rid#7f85f68bd0a0/initial] [perdir /app/httpdocs/]
rewrite 'invalidurl' -> 'index.php'
[Thu Oct 13 21:19:29.914872 2016] [rewrite:trace3] [pid 37] mod_rewrite.c(477):
[client 3.3.3.3:53539] 3.3.3.3 - -
[localhost/sid#7f85f6945470][rid#7f85f68bd0a0/initial] [perdir /app/httpdocs/]
add per-dir prefix: index.php -> /app/httpdocs/index.php
[Thu Oct 13 21:19:29.914884 2016] [rewrite:trace2] [pid 37] mod_rewrite.c(477):
[client 3.3.3.3:53539] 3.3.3.3 - -
[localhost/sid#7f85f6945470][rid#7f85f68bd0a0/initial] [perdir /app/httpdocs/]
strip document_root prefix: /app/httpdocs/index.php -> /index.php
[Thu Oct 13 21:19:29.914892 2016] [rewrite:trace1] [pid 37] mod_rewrite.c(477):
[client 3.3.3.3:53539] 3.3.3.3 - -
[localhost/sid#7f85f6945470][rid#7f85f68bd0a0/initial] [perdir /app/httpdocs/]
internal redirect with /index.php [INTERNAL REDIRECT]
[Thu Oct 13 21:19:29.915247 2016] [remoteip:trace1] [pid 37]
mod_remoteip.c(423): [client 2.2.2.2:53539] Using 2.2.2.2 as client's IP by
proxies 100.100.100.2
[Thu Oct 13 21:19:29.915304 2016] [rewrite:trace3] [pid 37] mod_rewrite.c(477):
[client 2.2.2.2:53539] 2.2.2.2 - -
[localhost/sid#7f85f6945470][rid#7f85f68b9a60/initial/redir#1] [perdir
/app/httpdocs/] strip per-dir prefix: /app/httpdocs/index.php -> index.php
[Thu Oct 13 21:19:29.915358 2016] [rewrite:trace3] [pid 37] mod_rewrite.c(477):
[client 2.2.2.2:53539] 2.2.2.2 - -
[localhost/sid#7f85f6945470][rid#7f85f68b9a60/initial/redir#1] [perdir
/app/httpdocs/] applying pattern '^.*$' to uri 'index.php'
[Thu Oct 13 21:19:29.915372 2016] [rewrite:trace4] [pid 37] mod_rewrite.c(477):
[client 2.2.2.2:53539] 2.2.2.2 - -
[localhost/sid#7f85f6945470][rid#7f85f68b9a60/initial/redir#1] [perdir
/app/httpdocs/] RewriteCond: input='/app/httpdocs/index.php' pattern='!-s' =>
not-matched
[Thu Oct 13 21:19:29.915380 2016] [rewrite:trace1] [pid 37] mod_rewrite.c(477):
[client 2.2.2.2:53539] 2.2.2.2 - -
[localhost/sid#7f85f6945470][rid#7f85f68b9a60/initial/redir#1] [perdir
/app/httpdocs/] pass through /app/httpdocs/index.php

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org