Re: mod_remoteip and mod_http2 combined

2017-04-03 Thread Stefan Eissing
I can see that a flat directive namespace has its drawbacks... ;-) > On 01.04.2017 at 19:12, Daniel Ruggeri wrote: > > > On 4/1/2017 11:18 AM, Yann Ylavic wrote: >> Hi Daniel, >> >> On Sat, Apr 1, 2017 at 3:56 PM, Daniel Ruggeri wrote: >>> I went

Re: mod_remoteip and mod_http2 combined

2017-04-01 Thread Daniel Ruggeri
On 4/1/2017 11:18 AM, Yann Ylavic wrote: > Hi Daniel, > > On Sat, Apr 1, 2017 at 3:56 PM, Daniel Ruggeri wrote: >> I went with the directive name >> RemoteIPProxyProtocolDisableHosts to align more with the fact that a >> single host or range can be disabled. > How about

Re: mod_remoteip and mod_http2 combined

2017-04-01 Thread Yann Ylavic
Hi Daniel, On Sat, Apr 1, 2017 at 3:56 PM, Daniel Ruggeri wrote: > I went with the directive name > RemoteIPProxyProtocolDisableHosts to align more with the fact that a > single host or range can be disabled. How about RemoteIPProxyProtocolExceptions since one can

Re: mod_remoteip and mod_http2 combined

2017-04-01 Thread Daniel Ruggeri
Sorry for the top post. I've committed r1789800 which pulls out Optional handling and adds the ability to disable based on source network. This is more or less the code as it was donated, plus some cleanup and the small addition to disable based on networks (overall a cleaner approach anyway). I

Re: mod_remoteip and mod_http2 combined

2017-04-01 Thread Daniel Ruggeri
Agreed - as many times as I read the spec, I have no idea how I did not see that security advisory. It's flat-out damning to the idea of an "optional" mode. I'll go ahead and rip out the optional processing and will add your suggested idea of a list of subnets to disable parsing. I hope to have a

Re: mod_remoteip and mod_http2 combined

2017-03-29 Thread William A Rowe Jr
On Wed, Mar 29, 2017 at 4:43 PM, William A Rowe Jr wrote: > > It would be nice if the mod_remoteip patch to PROXY protocol followed the > security advisories of the PROXY draft security comments, and we rip out the > 'optional' mode. The remaining objection is around the

Re: mod_remoteip and mod_http2 combined

2017-03-29 Thread William A Rowe Jr
On Mon, Mar 27, 2017 at 9:07 AM, Sander Hoentjen wrote: > > On 03/16/2017 10:34 AM, Sander Hoentjen wrote: >> >> On 03/11/2017 07:57 PM, Daniel Ruggeri wrote: >>> Thanks, all, for the patience as I finally got back to this. >>> >>> On 2/24/2017 11:05 AM, Sander Hoentjen wrote:

Re: mod_remoteip and mod_http2 combined

2017-03-27 Thread Sander Hoentjen
On 03/16/2017 10:34 AM, Sander Hoentjen wrote: > > On 03/11/2017 07:57 PM, Daniel Ruggeri wrote: >> Thanks, all, for the patience as I finally got back to this. >> >> On 2/24/2017 11:05 AM, Sander Hoentjen wrote: >>> On 02/20/2017 07:48 PM, William A Rowe Jr wrote: On Sat, Feb 18, 2017 at

Re: mod_remoteip and mod_http2 combined

2017-03-16 Thread Sander Hoentjen
On 03/11/2017 07:57 PM, Daniel Ruggeri wrote: > Thanks, all, for the patience as I finally got back to this. > > On 2/24/2017 11:05 AM, Sander Hoentjen wrote: >> On 02/20/2017 07:48 PM, William A Rowe Jr wrote: >>> On Sat, Feb 18, 2017 at 4:25 PM, Daniel Ruggeri wrote:

Re: mod_remoteip and mod_http2 combined

2017-03-11 Thread Daniel Ruggeri
Thanks, all, for the patience as I finally got back to this. On 2/24/2017 11:05 AM, Sander Hoentjen wrote: > > On 02/20/2017 07:48 PM, William A Rowe Jr wrote: >> On Sat, Feb 18, 2017 at 4:25 PM, Daniel Ruggeri wrote: >>> On 2017-02-15 09:07 (-0600), William A Rowe Jr

Re: mod_remoteip and mod_http2 combined

2017-02-24 Thread Sander Hoentjen
On 02/20/2017 07:48 PM, William A Rowe Jr wrote: > On Sat, Feb 18, 2017 at 4:25 PM, Daniel Ruggeri wrote: >> On 2017-02-15 09:07 (-0600), William A Rowe Jr wrote: >>> On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen wrote:

Re: mod_remoteip and mod_http2 combined

2017-02-20 Thread William A Rowe Jr
On Sat, Feb 18, 2017 at 4:25 PM, Daniel Ruggeri wrote: > On 2017-02-15 09:07 (-0600), William A Rowe Jr wrote: >> On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen wrote: >> > >> > mod_remote ip has: >> > /* mod_proxy creates

Re: mod_remoteip and mod_http2 combined

2017-02-19 Thread Sander Hoentjen
I am away on holiday until the 25th, will try when I get back. On Sat Feb 18 23:25:51 2017 GMT+0100, Daniel Ruggeri wrote: > On 2017-02-15 09:07 (-0600), William A Rowe Jr wrote: > > On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen wrote: > > > > > >

Re: mod_remoteip and mod_http2 combined

2017-02-18 Thread Daniel Ruggeri
On 2017-02-15 09:07 (-0600), William A Rowe Jr wrote: > On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen wrote: > > > > mod_remote ip has: > > /* mod_proxy creates outgoing connections - we don't want those */ > > if

Re: mod_remoteip and mod_http2 combined

2017-02-15 Thread William A Rowe Jr
On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen wrote:
>
> mod_remote ip has:
> /* mod_proxy creates outgoing connections - we don't want those */
> if (!remoteip_is_server_port(c->local_addr->port)) {
>     return DECLINED;
> }
> I am guessing something

Re: mod_remoteip and mod_http2 combined

2017-02-15 Thread Sander Hoentjen
On 02/15/2017 12:19 PM, Jordan Gigov wrote: > On 15 February 2017 at 12:50, Sander Hoentjen wrote: >> Hey guys, >> >> I am trying to use both mod_remoteip with ProxyProtocol and mod_http2. >> It looks like mod_http2 gets handed the connection before mod_remoteip, >> so things

Re: mod_remoteip and mod_http2 combined

2017-02-15 Thread Jordan Gigov
Try modules/http2/h2_h2.c line 550 add "mod_remoteip.c" after "mod_ssl.c". This reminds me since remoteip is being updated, maybe it should also specify some before and after mods to avoid. On 15 February 2017 at 12:50, Sander Hoentjen wrote: > Hey guys, > > I am trying to