Further clarify the naming of the entity that originates the request by
calling that entity a useragent instead of a client.
Further clarify the naming of the entity that directly connects to us by
calling that entity a client instead of a peer.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1214022 13f79535-47bb-0310-9956-
ffa450edef68
26 files changed:
<li>Modules that load other modules later than the EXEC_ON_READ config
reading stage need to call ap_reserve_module_slots() or
ap_reserve_module_slots_directive() in their pre_config hook.</li>
<li>Modules that load other modules later than the EXEC_ON_READ config
reading stage need to call ap_reserve_module_slots() or
ap_reserve_module_slots_directive() in their pre_config hook.</li>
- <li>The client IP address per request can now be specified independently
- of the peer IP address of the connection for the benefit of load
- balancers</li>
+ <li>The useragent IP address per request can now be specified
+ independently of the client IP address of the connection for
+ the benefit of load balancers</li>
<dd>This has been renamed to ap_unixd_config.</dd>
<dt><code>conn_rec->remote_ip and conn_rec->remote_addr</code></dt>
<dd>This has been renamed to ap_unixd_config.</dd>
<dt><code>conn_rec->remote_ip and conn_rec->remote_addr</code></dt>
- <dd>In order to distinguish between the peer IP address of the
- connection, and the client IP address of the request potentially
+ <dd>In order to distinguish between the client IP address of the
+ connection, and the useragent IP address of the request potentially
overridden by a load balancer or proxy, the above variables have
been renamed. If a module makes reference to either of the above
variables, they need to be replaced with one of the following two
options as appropriate for the module:
<ul>
overridden by a load balancer or proxy, the above variables have
been renamed. If a module makes reference to either of the above
variables, they need to be replaced with one of the following two
options as appropriate for the module:
<ul>
- <li>When you require the IP address of the client, which might
- be connected directly to the server, or might optionally be
+ <li>When you require the IP address of the user agent, which
+ might be connected directly to the server, or might optionally be
separated from the server by a transparent load balancer or
separated from the server by a transparent load balancer or
- proxy, use request_rec->client_ip and
- request_rec->client_addr.</li>
- <li>When you require the IP address of the peer that is
- connected directly to the server, which might be the client or
+ proxy, use request_rec->useragent_ip and
+ request_rec->useragent_addr.</li>
+ <li>When you require the IP address of the client that is
+ connected directly to the server, which might be the useragent or
might be the load balancer or proxy itself, use
might be the load balancer or proxy itself, use
- conn_rec->peer_ip and conn_rec->peer_addr.</li>
+ conn_rec->client_ip and conn_rec->client_addr.</li>
<modulesynopsis metafile="mod_remoteip.xml.meta">
<name>mod_remoteip</name>
<modulesynopsis metafile="mod_remoteip.xml.meta">
<name>mod_remoteip</name>
-<description>Replaces the original peer IP address for the connection
-with the client IP address list presented by a proxies or a load balancer
+<description>Replaces the original client IP address for the connection
+with the useragent IP address list presented by a proxies or a load balancer
via the request headers.
</description>
via the request headers.
</description>
<identifier>remoteip_module</identifier>
<summary>
<identifier>remoteip_module</identifier>
<summary>
- <p>This module is used to treat the client which initiated the
- request as the originating client as identified by httpd for the
- purposes of authorization and logging, even where that client is
+ <p>This module is used to treat the useragent which initiated the
+ request as the originating useragent as identified by httpd for the
+ purposes of authorization and logging, even where that useragent is
behind a load balancer, front end server, or proxy server.</p>
behind a load balancer, front end server, or proxy server.</p>
- <p>The module overrides the peer IP address for the connection
- with the client IP address reported in the request header configured
+ <p>The module overrides the client IP address for the connection
+ with the useragent IP address reported in the request header configured
with the <directive>RemoteIPHeader</directive> directive.</p>
with the <directive>RemoteIPHeader</directive> directive.</p>
- <p>Once replaced as instructed, this overridden client IP address is
+ <p>Once replaced as instructed, this overridden useragent IP address is
then used for the <module>mod_authz_host</module>
<directive module="mod_authz_host" type="section">Require ip</directive>
feature, is reported by <module>mod_status</module>, and is recorded by
<module>mod_log_config</module> <code>%a</code> and <module>core</module>
then used for the <module>mod_authz_host</module>
<directive module="mod_authz_host" type="section">Require ip</directive>
feature, is reported by <module>mod_status</module>, and is recorded by
<module>mod_log_config</module> <code>%a</code> and <module>core</module>
- <code>%a</code> format strings. The underlying peer IP of the connection
+ <code>%a</code> format strings. The underlying client IP of the connection
is available in the <code>%{c}a</code> format string.</p>
<note type="warning">It is critical to only enable this behavior from
intermediate hosts (proxies, etc) which are trusted by this server, since
is available in the <code>%{c}a</code> format string.</p>
<note type="warning">It is critical to only enable this behavior from
intermediate hosts (proxies, etc) which are trusted by this server, since
- it is trivial for the remote client to impersonate another client.</note>
+ it is trivial for the remote useragent to impersonate another
+ useragent.</note>
</summary>
<seealso><module>mod_authz_host</module></seealso>
</summary>
<seealso><module>mod_authz_host</module></seealso>
<section id="processing"><title>Remote IP Processing</title>
<section id="processing"><title>Remote IP Processing</title>
- <p>Apache by default identifies the client with the connection's
- peer_ip value, and the connection remote_host and remote_logname are
+ <p>Apache by default identifies the useragent with the connection's
+ client_ip value, and the connection remote_host and remote_logname are
derived from this value. These fields play a role in authentication,
authorization and logging and other purposes by other loadable
modules.</p>
derived from this value. These fields play a role in authentication,
authorization and logging and other purposes by other loadable
modules.</p>
- <p>mod_remoteip overrides the peer IP of the connection with the
- advertised client IP as provided by a proxy or load balancer, for
+ <p>mod_remoteip overrides the client IP of the connection with the
+ advertised useragent IP as provided by a proxy or load balancer, for
the duration of the request. A load balancer might establish a long
lived keepalive connection with the server, and each request will
the duration of the request. A load balancer might establish a long
lived keepalive connection with the server, and each request will
- have the correct client IP, even though the underlying peer IP
+ have the correct useragent IP, even though the underlying client IP
address of the load balancer remains unchanged.</p>
address of the load balancer remains unchanged.</p>
- <p>When multiple, comma delimited client IP addresses are listed in the
+ <p>When multiple, comma delimited useragent IP addresses are listed in the
header value, they are processed in Right-to-Left order. Processing
header value, they are processed in Right-to-Left order. Processing
- halts when a given client IP address is not trusted to present the
+ halts when a given useragent IP address is not trusted to present the
preceding IP address. The header field is updated to this remaining
list of unconfirmed IP addresses, or if all IP addresses were trusted,
this header is removed from the request altogether.</p>
preceding IP address. The header field is updated to this remaining
list of unconfirmed IP addresses, or if all IP addresses were trusted,
this header is removed from the request altogether.</p>
<directivesynopsis>
<name>RemoteIPHeader</name>
<directivesynopsis>
<name>RemoteIPHeader</name>
-<description>Declare the header field which should be parsed for client IP addresses</description>
+<description>Declare the header field which should be parsed for useragent IP addresses</description>
<syntax>RemoteIPHeader <var>header-field</var></syntax>
<contextlist><context>server config</context><context>virtual host</context></contextlist>
<usage>
<p>The <directive>RemoteIPHeader</directive> directive triggers
<module>mod_remoteip</module> to treat the value of the specified
<syntax>RemoteIPHeader <var>header-field</var></syntax>
<contextlist><context>server config</context><context>virtual host</context></contextlist>
<usage>
<p>The <directive>RemoteIPHeader</directive> directive triggers
<module>mod_remoteip</module> to treat the value of the specified
- <var>header-field</var> header as the client IP address, or list
- of intermediate client IP addresses, subject to further configuration
+ <var>header-field</var> header as the useragent IP address, or list
+ of intermediate useragent IP addresses, subject to further configuration
of the <directive>RemoteIPInternalProxy</directive> and
<directive>RemoteIPTrustedProxy</directive> directives. Unless these
other directives are used, <module>mod_remoteip</module> will trust all
of the <directive>RemoteIPInternalProxy</directive> and
<directive>RemoteIPTrustedProxy</directive> directives. Unless these
other directives are used, <module>mod_remoteip</module> will trust all
<usage>
<p>The <directive>RemoteIPInternalProxy</directive> directive adds one
or more addresses (or address blocks) to trust as presenting a valid
<usage>
<p>The <directive>RemoteIPInternalProxy</directive> directive adds one
or more addresses (or address blocks) to trust as presenting a valid
- RemoteIPHeader value of the client IP. Unlike the
+ RemoteIPHeader value of the useragent IP. Unlike the
<directive>RemoteIPTrustedProxy</directive> directive, any IP address
presented in this header, including private intranet addresses, are
trusted when passed from these proxies.</p>
<directive>RemoteIPTrustedProxy</directive> directive, any IP address
presented in this header, including private intranet addresses, are
trusted when passed from these proxies.</p>
<usage>
<p>The <directive>RemoteIPInternalProxyList</directive> directive specifies
a file parsed at startup, and builds a list of addresses (or address blocks)
<usage>
<p>The <directive>RemoteIPInternalProxyList</directive> directive specifies
a file parsed at startup, and builds a list of addresses (or address blocks)
- to trust as presenting a valid RemoteIPHeader value of the client IP.</p>
+ to trust as presenting a valid RemoteIPHeader value of the useragent IP.</p>
<p>The '<code>#</code>' hash character designates a comment line, otherwise
each whitespace or newline separated entry is processed identically to
<p>The '<code>#</code>' hash character designates a comment line, otherwise
each whitespace or newline separated entry is processed identically to
<usage>
<p>The <directive>RemoteIPProxiesHeader</directive> directive specifies
a header into which <module>mod_remoteip</module> will collect a list of
<usage>
<p>The <directive>RemoteIPProxiesHeader</directive> directive specifies
a header into which <module>mod_remoteip</module> will collect a list of
- all of the intermediate client IP addresses trusted to resolve the client
+ all of the intermediate client IP addresses trusted to resolve the useragent
IP of the request. Note that intermediate
<directive>RemoteIPTrustedProxy</directive> addresses are recorded in
this header, while any intermediate
IP of the request. Note that intermediate
<directive>RemoteIPTrustedProxy</directive> addresses are recorded in
this header, while any intermediate
<usage>
<p>The <directive>RemoteIPTrustedProxy</directive> directive adds one
or more addresses (or address blocks) to trust as presenting a valid
<usage>
<p>The <directive>RemoteIPTrustedProxy</directive> directive adds one
or more addresses (or address blocks) to trust as presenting a valid
- RemoteIPHeader value of the client IP. Unlike the
+ RemoteIPHeader value of the useragent IP. Unlike the
<directive>RemoteIPInternalProxy</directive> directive, any intranet
or private IP address reported by such proxies, including the 10/8, 172.16/12,
192.168/16, 169.254/16 and 127/8 blocks (or outside of the IPv6 public
<directive>RemoteIPInternalProxy</directive> directive, any intranet
or private IP address reported by such proxies, including the 10/8, 172.16/12,
192.168/16, 169.254/16 and 127/8 blocks (or outside of the IPv6 public
- 2000::/3 block) are not trusted as the client IP, and are left in the
+ 2000::/3 block) are not trusted as the useragent IP, and are left in the
<directive>RemoteIPHeader</directive> header's value.</p>
<example><title>Trusted (Load Balancer) Example</title>
<directive>RemoteIPHeader</directive> header's value.</p>
<example><title>Trusted (Load Balancer) Example</title>
<usage>
<p>The <directive>RemoteIPTrustedProxyList</directive> directive specifies
a file parsed at startup, and builds a list of addresses (or address blocks)
<usage>
<p>The <directive>RemoteIPTrustedProxyList</directive> directive specifies
a file parsed at startup, and builds a list of addresses (or address blocks)
- to trust as presenting a valid RemoteIPHeader value of the client IP.</p>
+ to trust as presenting a valid RemoteIPHeader value of the useragent IP.</p>
<p>The '<code>#</code>' hash character designates a comment line, otherwise
each whitespace or newline seperated entry is processed identically to
<p>The '<code>#</code>' hash character designates a comment line, otherwise
each whitespace or newline seperated entry is processed identically to
/** remote address information from conn_rec, can be overridden if
* necessary by a module.
*/
/** remote address information from conn_rec, can be overridden if
* necessary by a module.
*/
- apr_sockaddr_t *client_addr;
- char *client_ip;
+ apr_sockaddr_t *useragent_addr;
+ char *useragent_ip;
/** local address */
apr_sockaddr_t *local_addr;
/** remote address */
/** local address */
apr_sockaddr_t *local_addr;
/** remote address */
- apr_sockaddr_t *peer_addr;
+ apr_sockaddr_t *client_addr;
/** Client's IP address */
/** Client's IP address */
/** Client's DNS name, if known. NULL if DNS hasn't been checked,
* "" if it has and no address was found. N.B. Only access this though
* get_remote_host() */
/** Client's DNS name, if known. NULL if DNS hasn't been checked,
* "" if it has and no address was found. N.B. Only access this though
* get_remote_host() */
- if (apr_ipsubnet_test(ap[i].x.ip, r->client_addr)) {
+ if (apr_ipsubnet_test(ap[i].x.ip, r->useragent_addr)) {
apr_ipsubnet_t **ip = (apr_ipsubnet_t **)parsed_require_line;
while (*ip) {
apr_ipsubnet_t **ip = (apr_ipsubnet_t **)parsed_require_line;
while (*ip) {
- if (apr_ipsubnet_test(*ip, r->client_addr))
+ if (apr_ipsubnet_test(*ip, r->useragent_addr))
return AUTHZ_GRANTED;
ip++;
}
return AUTHZ_GRANTED;
ip++;
}
const void *parsed_require_line)
{
if ( apr_sockaddr_equal(r->connection->local_addr,
const void *parsed_require_line)
{
if ( apr_sockaddr_equal(r->connection->local_addr,
- r->client_addr)
- || apr_ipsubnet_test(localhost_v4, r->client_addr)
+ r->useragent_addr)
+ || apr_ipsubnet_test(localhost_v4, r->useragent_addr)
- || apr_ipsubnet_test(localhost_v6, r->client_addr)
+ || apr_ipsubnet_test(localhost_v6, r->useragent_addr)
else if (strcEQ(var, "REQUEST_FILENAME"))
result = r->filename;
else if (strcEQ(var, "REMOTE_ADDR"))
else if (strcEQ(var, "REQUEST_FILENAME"))
result = r->filename;
else if (strcEQ(var, "REMOTE_ADDR"))
+ result = r->useragent_ip;
else if (strcEQ(var, "REMOTE_HOST"))
result = ap_get_remote_host(r->connection, r->per_dir_config,
REMOTE_NAME, NULL);
else if (strcEQ(var, "REMOTE_HOST"))
result = ap_get_remote_host(r->connection, r->per_dir_config,
REMOTE_NAME, NULL);
buf[len] = '\0';
tbl = apr_table_make(r->pool, 10);
qs_to_table(buf, tbl, r->pool);
buf[len] = '\0';
tbl = apr_table_make(r->pool, 10);
qs_to_table(buf, tbl, r->pool);
- apr_sockaddr_ip_get(&ip, r->connection->peer_addr);
+ apr_sockaddr_ip_get(&ip, r->connection->client_addr);
hmserver.ip = ip;
hmserver.port = 80;
if (apr_table_get(tbl, "port") != NULL)
hmserver.ip = ip;
hmserver.port = 80;
if (apr_table_get(tbl, "port") != NULL)
if (!APR_STATUS_IS_EOF(rv) && ! APR_STATUS_IS_TIMEUP(rv))
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server, APLOGNO(01611)
"ProtocolEcho: Failure reading from %s",
if (!APR_STATUS_IS_EOF(rv) && ! APR_STATUS_IS_TIMEUP(rv))
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server, APLOGNO(01611)
"ProtocolEcho: Failure reading from %s",
apr_brigade_cleanup(bb);
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server, APLOGNO(01612)
"ProtocolEcho: Error - read empty brigade from %s!",
apr_brigade_cleanup(bb);
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server, APLOGNO(01612)
"ProtocolEcho: Error - read empty brigade from %s!",
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server, APLOGNO(01613)
"ProtocolEcho: Failure writing to %s",
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server, APLOGNO(01613)
"ProtocolEcho: Failure writing to %s",
break;
}
apr_brigade_cleanup(bb);
break;
}
apr_brigade_cleanup(bb);
apr_file_printf(stderr_log,
"[%s] [client %s] mod_ext_filter (%d)%s: %s\n",
time_str,
apr_file_printf(stderr_log,
"[%s] [client %s] mod_ext_filter (%d)%s: %s\n",
time_str,
err,
apr_strerror(err, errbuf, sizeof(errbuf)),
description);
err,
apr_strerror(err, errbuf, sizeof(errbuf)),
description);
new->prev = r;
r->next = new;
new->prev = r;
r->next = new;
- new->client_addr = r->client_addr;
- new->client_ip = r->client_ip;
+ new->useragent_addr = r->useragent_addr;
+ new->useragent_ip = r->useragent_ip;
/* Must have prev and next pointers set before calling create_request
* hook.
/* Must have prev and next pointers set before calling create_request
* hook.
static const char *log_remote_address(request_rec *r, char *a)
{
if (a && !strcmp(a, "c")) {
static const char *log_remote_address(request_rec *r, char *a)
{
if (a && !strcmp(a, "c")) {
- return r->connection->peer_ip;
+ return r->connection->client_ip;
+ return r->useragent_ip;
port = r->server->port ? r->server->port : ap_default_port(r);
}
else if (!strcasecmp(a, "remote")) {
port = r->server->port ? r->server->port : ap_default_port(r);
}
else if (!strcasecmp(a, "remote")) {
- port = r->client_addr->port;
+ port = r->useragent_addr->port;
}
else if (!strcasecmp(a, "local")) {
port = r->connection->local_addr->port;
}
else if (!strcasecmp(a, "local")) {
port = r->connection->local_addr->port;
ap_lua_push_apr_table(L, c->notes);
lua_setfield(L, -2, "notes");
ap_lua_push_apr_table(L, c->notes);
lua_setfield(L, -2, "notes");
- lua_pushstring(L, c->peer_ip);
+ lua_pushstring(L, c->client_ip);
lua_setfield(L, -2, "remote_ip");
lua_pop(L, 1);
lua_setfield(L, -2, "remote_ip");
lua_pop(L, 1);
else if (!strcmp(var, "IPV6")) {
int flag = FALSE;
#if APR_HAVE_IPV6
else if (!strcmp(var, "IPV6")) {
int flag = FALSE;
#if APR_HAVE_IPV6
- apr_sockaddr_t *addr = r->client_addr;
+ apr_sockaddr_t *addr = r->useragent_addr;
flag = (addr->family == AF_INET6 &&
!IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr));
rewritelog((r, 1, ctx->perdir, "IPV6='%s'", flag ? "on" : "off"));
flag = (addr->family == AF_INET6 &&
!IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr));
rewritelog((r, 1, ctx->perdir, "IPV6='%s'", flag ? "on" : "off"));
case 'D':
if (*var == 'R' && !strcmp(var, "REMOTE_ADDR")) {
case 'D':
if (*var == 'R' && !strcmp(var, "REMOTE_ADDR")) {
+ result = r->useragent_ip;
}
else if (!strcmp(var, "SERVER_ADDR")) {
result = r->connection->local_ip;
}
else if (!strcmp(var, "SERVER_ADDR")) {
result = r->connection->local_ip;
REMOTE_NAME, NULL);
}
else if (!strcmp(var, "REMOTE_PORT")) {
REMOTE_NAME, NULL);
}
else if (!strcmp(var, "REMOTE_PORT")) {
- return apr_itoa(r->pool, r->client_addr->port);
+ return apr_itoa(r->pool, r->useragent_addr->port);
- if ((rv = apr_sockaddr_info_get(&destsa, conn->peer_ip,
+ if ((rv = apr_sockaddr_info_get(&destsa, conn->client_ip,
localsa->family, /* has to match */
RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
/* This should not fail since we have a numeric address string
* as the host. */
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv, APLOGNO(01493)
"rfc1413: apr_sockaddr_info_get(%s) failed",
localsa->family, /* has to match */
RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
/* This should not fail since we have a numeric address string
* as the host. */
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv, APLOGNO(01493)
"rfc1413: apr_sockaddr_info_get(%s) failed",
apr_size_t buflen;
sav_our_port = conn->local_addr->port;
apr_size_t buflen;
sav_our_port = conn->local_addr->port;
- sav_rmt_port = conn->peer_addr->port;
+ sav_rmt_port = conn->client_addr->port;
/* send the data */
buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,
/* send the data */
buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,
} remoteip_config_t;
typedef struct {
} remoteip_config_t;
typedef struct {
- apr_sockaddr_t *client_addr;
- char *client_ip;
+ apr_sockaddr_t *useragent_addr;
+ char *useragent_ip;
/** The list of proxy ip's ignored as remote ip's */
const char *proxy_ips;
/** The remaining list of untrusted proxied remote ip's */
/** The list of proxy ip's ignored as remote ip's */
const char *proxy_ips;
/** The remaining list of untrusted proxied remote ip's */
}
remote = apr_pstrdup(r->pool, remote);
}
remote = apr_pstrdup(r->pool, remote);
- temp_sa = c->peer_addr;
+ temp_sa = c->client_addr;
- /* verify c->peer_addr is trusted if there is a trusted proxy list
+ /* verify c->client_addr is trusted if there is a trusted proxy list
*/
if (config->proxymatch_ip) {
int i;
remoteip_proxymatch_t *match;
match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts;
for (i = 0; i < config->proxymatch_ip->nelts; ++i) {
*/
if (config->proxymatch_ip) {
int i;
remoteip_proxymatch_t *match;
match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts;
for (i = 0; i < config->proxymatch_ip->nelts; ++i) {
- if (apr_ipsubnet_test(match[i].ip, c->peer_addr)) {
+ if (apr_ipsubnet_test(match[i].ip, c->client_addr)) {
internal = match[i].internal;
break;
}
internal = match[i].internal;
break;
}
req = (remoteip_req_t *) apr_palloc(r->pool, sizeof(remoteip_req_t));
}
req = (remoteip_req_t *) apr_palloc(r->pool, sizeof(remoteip_req_t));
}
- /* Set peer_ip string */
+ /* Set useragent_ip string */
if (!internal) {
if (proxy_ips) {
proxy_ips = apr_pstrcat(r->pool, proxy_ips, ", ",
if (!internal) {
if (proxy_ips) {
proxy_ips = apr_pstrcat(r->pool, proxy_ips, ", ",
- proxy_ips = c->peer_ip;
+ proxy_ips = c->client_ip;
- req->client_addr = temp_sa;
- apr_sockaddr_ip_get(&req->client_ip, req->client_addr);
+ req->useragent_addr = temp_sa;
+ apr_sockaddr_ip_get(&req->useragent_ip, req->useragent_addr);
}
/* Nothing happened? */
}
/* Nothing happened? */
- r->client_addr = req->client_addr;
- r->client_ip = req->client_ip;
+ r->useragent_addr = req->useragent_addr;
+ r->useragent_ip = req->useragent_ip;
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
req->proxy_ips
? "Using %s as client's IP by proxies %s"
: "Using %s as client's IP by internal proxies",
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
req->proxy_ips
? "Using %s as client's IP by proxies %s"
: "Using %s as client's IP by internal proxies",
- req->client_ip, req->proxy_ips);
+ req->useragent_ip, req->proxy_ips);
last_name = b->name;
switch (b->special_type) {
case SPECIAL_REMOTE_ADDR:
last_name = b->name;
switch (b->special_type) {
case SPECIAL_REMOTE_ADDR:
break;
case SPECIAL_SERVER_ADDR:
val = r->connection->local_ip;
break;
case SPECIAL_SERVER_ADDR:
val = r->connection->local_ip;
ajp_msg_append_uint8(msg, (apr_byte_t) method) ||
ajp_msg_append_string(msg, r->protocol) ||
ajp_msg_append_string(msg, uri->path) ||
ajp_msg_append_uint8(msg, (apr_byte_t) method) ||
ajp_msg_append_string(msg, r->protocol) ||
ajp_msg_append_string(msg, uri->path) ||
- ajp_msg_append_string(msg, r->client_ip) ||
+ ajp_msg_append_string(msg, r->useragent_ip) ||
ajp_msg_append_string(msg, remote_host) ||
ajp_msg_append_string(msg, ap_get_server_name(r)) ||
ajp_msg_append_uint16(msg, (apr_uint16_t)r->connection->local_addr->port) ||
ajp_msg_append_string(msg, remote_host) ||
ajp_msg_append_string(msg, ap_get_server_name(r)) ||
ajp_msg_append_uint16(msg, (apr_uint16_t)r->connection->local_addr->port) ||
*/
{
const char *key = SC_A_REQ_REMOTE_PORT;
*/
{
const char *key = SC_A_REQ_REMOTE_PORT;
- char *val = apr_itoa(r->pool, r->client_addr->port);
+ char *val = apr_itoa(r->pool, r->useragent_addr->port);
if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
ajp_msg_append_string(msg, key) ||
ajp_msg_append_string(msg, val)) {
if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
ajp_msg_append_string(msg, key) ||
ajp_msg_append_string(msg, val)) {
if (bytes_streamed != cl_val) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01087)
"client %s given Content-Length did not match"
if (bytes_streamed != cl_val) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01087)
"client %s given Content-Length did not match"
- " number of body bytes read", r->connection->peer_ip);
+ " number of body bytes read", r->connection->client_ip);
return HTTP_BAD_REQUEST;
}
return HTTP_BAD_REQUEST;
}
* determine, where the original request came from.
*/
apr_table_mergen(r->headers_in, "X-Forwarded-For",
* determine, where the original request came from.
*/
apr_table_mergen(r->headers_in, "X-Forwarded-For",
/* Add X-Forwarded-Host: so that upstream knows what the
* original request hostname was.
/* Add X-Forwarded-Host: so that upstream knows what the
* original request hostname was.
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01094)
"client %s (%s) requested Transfer-Encoding "
"chunked body with Content-Length (C-L ignored)",
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01094)
"client %s (%s) requested Transfer-Encoding "
"chunked body with Content-Length (C-L ignored)",
- c->peer_ip, c->remote_host ? c->remote_host: "");
+ c->client_ip, c->remote_host ? c->remote_host: "");
apr_table_unset(r->headers_in, "Content-Length");
old_cl_val = NULL;
origin->keepalive = AP_CONN_CLOSE;
apr_table_unset(r->headers_in, "Content-Length");
old_cl_val = NULL;
origin->keepalive = AP_CONN_CLOSE;
"prefetch request body failed to %pI (%s)"
" from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
"prefetch request body failed to %pI (%s)"
" from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
- c->peer_ip, c->remote_host ? c->remote_host: "");
+ c->client_ip, c->remote_host ? c->remote_host: "");
return HTTP_BAD_REQUEST;
}
return HTTP_BAD_REQUEST;
}
"processing prefetched request body failed"
" to %pI (%s) from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
"processing prefetched request body failed"
" to %pI (%s) from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
- c->peer_ip, c->remote_host ? c->remote_host: "");
+ c->client_ip, c->remote_host ? c->remote_host: "");
return HTTP_INTERNAL_SERVER_ERROR;
}
return HTTP_INTERNAL_SERVER_ERROR;
}
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01097)
"pass request body failed to %pI (%s) from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01097)
"pass request body failed to %pI (%s) from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
- c->peer_ip, c->remote_host ? c->remote_host: "");
+ c->client_ip, c->remote_host ? c->remote_host: "");
rp->input_filters = c->input_filters;
rp->proto_output_filters = c->output_filters;
rp->proto_input_filters = c->input_filters;
rp->input_filters = c->input_filters;
rp->proto_output_filters = c->output_filters;
rp->proto_input_filters = c->input_filters;
- rp->client_ip = c->peer_ip;
- rp->client_addr = c->peer_addr;
+ rp->useragent_ip = c->client_ip;
+ rp->useragent_addr = c->client_addr;
rp->request_config = ap_create_request_config(pool);
proxy_run_create_req(r, rp);
rp->request_config = ap_create_request_config(pool);
proxy_run_create_req(r, rp);
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02266)
"Access to %s denied for %s "
"(requirement expression not fulfilled)",
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02266)
"Access to %s denied for %s "
"(requirement expression not fulfilled)",
- r->filename, r->client_ip);
+ r->filename, r->useragent_ip);
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02228)
"Failed expression: %s", req->cpExpr);
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02228)
"Failed expression: %s", req->cpExpr);
else if (strcEQ(var, "REQUEST_FILENAME"))
result = r->filename;
else if (strcEQ(var, "REMOTE_ADDR"))
else if (strcEQ(var, "REQUEST_FILENAME"))
result = r->filename;
else if (strcEQ(var, "REMOTE_ADDR"))
+ result = r->useragent_ip;
else if (strcEQ(var, "REMOTE_HOST"))
result = ap_get_remote_host(r->connection, r->per_dir_config,
REMOTE_NAME, NULL);
else if (strcEQ(var, "REMOTE_HOST"))
result = ap_get_remote_host(r->connection, r->per_dir_config,
REMOTE_NAME, NULL);
rv = apr_sockaddr_info_get(&sa, conn->remote_host, APR_UNSPEC, 0, 0, conn->pool);
if (rv == APR_SUCCESS) {
while (sa) {
rv = apr_sockaddr_info_get(&sa, conn->remote_host, APR_UNSPEC, 0, 0, conn->pool);
if (rv == APR_SUCCESS) {
while (sa) {
- if (apr_sockaddr_equal(sa, conn->peer_addr)) {
+ if (apr_sockaddr_equal(sa, conn->client_addr)) {
conn->double_reverse = 1;
return;
}
conn->double_reverse = 1;
return;
}
&& (type == REMOTE_DOUBLE_REV
|| hostname_lookups != HOSTNAME_LOOKUP_OFF)) {
&& (type == REMOTE_DOUBLE_REV
|| hostname_lookups != HOSTNAME_LOOKUP_OFF)) {
- if (apr_getnameinfo(&conn->remote_host, conn->peer_addr, 0)
+ if (apr_getnameinfo(&conn->remote_host, conn->client_addr, 0)
== APR_SUCCESS) {
ap_str_tolower(conn->remote_host);
== APR_SUCCESS) {
ap_str_tolower(conn->remote_host);
+ return conn->client_ip;
}
apr_sockaddr_ip_get(&c->local_ip, c->local_addr);
}
apr_sockaddr_ip_get(&c->local_ip, c->local_addr);
- if ((rv = apr_socket_addr_get(&c->peer_addr, APR_REMOTE, csd))
+ if ((rv = apr_socket_addr_get(&c->client_addr, APR_REMOTE, csd))
!= APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_INFO, rv, server, APLOGNO(00138)
"apr_socket_addr_get(APR_REMOTE)");
!= APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_INFO, rv, server, APLOGNO(00138)
"apr_socket_addr_get(APR_REMOTE)");
- apr_sockaddr_ip_get(&c->peer_ip, c->peer_addr);
+ apr_sockaddr_ip_get(&c->client_ip, c->client_addr);
c->base_server = server;
c->id = id;
c->base_server = server;
c->id = id;
char *buf, int buflen)
{
if (info->r && !(arg && *arg == 'c'))
char *buf, int buflen)
{
if (info->r && !(arg && *arg == 'c'))
- return apr_snprintf(buf, buflen, "%s:%d", info->r->client_ip,
- info->r->client_addr->port);
+ return apr_snprintf(buf, buflen, "%s:%d", info->r->useragent_ip,
+ info->r->useragent_addr->port);
- return apr_snprintf(buf, buflen, "%s:%d", info->c->peer_ip,
- info->c->peer_addr->port);
+ return apr_snprintf(buf, buflen, "%s:%d", info->c->client_ip,
+ info->c->client_addr->port);
- * client_ip/peer_ip can be client or backend server. If we have a scoreboard
- * handle, it is likely a client.
+ * useragent_ip/client_ip can be client or backend server. If we have
+ * a scoreboard handle, it is likely a client.
*/
if (info->r) {
len += apr_snprintf(buf + len, buflen - len,
info->r->connection->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
*/
if (info->r) {
len += apr_snprintf(buf + len, buflen - len,
info->r->connection->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
- info->r->client_ip, info->r->client_addr->port);
+ info->r->useragent_ip, info->r->useragent_addr->port);
}
else if (info->c) {
len += apr_snprintf(buf + len, buflen - len,
info->c->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
}
else if (info->c) {
len += apr_snprintf(buf + len, buflen - len,
info->c->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
- info->c->peer_ip, info->c->peer_addr->port);
+ info->c->client_ip, info->c->client_addr->port);
}
/* the actual error message */
}
/* the actual error message */
*/
r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
*/
r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
- r->client_addr = conn->peer_addr;
- r->client_ip = conn->peer_ip;
+ r->useragent_addr = conn->client_addr;
+ r->useragent_ip = conn->client_ip;
tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
rnew->output_filters = r->proto_output_filters;
}
rnew->output_filters = r->proto_output_filters;
}
- rnew->client_addr = r->client_addr;
- rnew->client_ip = r->client_ip;
+ rnew->useragent_addr = r->useragent_addr;
+ rnew->useragent_ip = r->useragent_ip;
/* no input filters for a subrequest */
/* no input filters for a subrequest */
case 1:
#if APR_HAVE_IPV6
{
case 1:
#if APR_HAVE_IPV6
{
- apr_sockaddr_t *addr = c->peer_addr;
+ apr_sockaddr_t *addr = c->client_addr;
if (addr->family == AF_INET6
&& !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr))
return "on";
if (addr->family == AF_INET6
&& !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr))
return "on";
case 2:
return c->log_id;
case 3:
case 2:
return c->log_id;
case 3:
default:
ap_assert(0);
return NULL;
default:
ap_assert(0);
return NULL;
case 27:
return r->status ? apr_psprintf(ctx->p, "%d", r->status) : "";
case 28:
case 27:
return r->status ? apr_psprintf(ctx->p, "%d", r->status) : "";
case 28:
+ return r->useragent_ip;
default:
ap_assert(0);
return NULL;
default:
ap_assert(0);
return NULL;
if (!ctx->r)
return FALSE;
if (!ctx->r)
return FALSE;
- return apr_ipsubnet_test(subnet, ctx->r->client_addr);
+ return apr_ipsubnet_test(subnet, ctx->r->useragent_addr);
}
static int op_T(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg)
}
static int op_T(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg)
apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
add_unless_null(e, "REMOTE_HOST",
ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, NULL));
apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
add_unless_null(e, "REMOTE_HOST",
ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, NULL));
- apr_table_addn(e, "REMOTE_ADDR", r->client_ip);
+ apr_table_addn(e, "REMOTE_ADDR", r->useragent_ip);
apr_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
apr_table_setn(e, "REQUEST_SCHEME", ap_http_scheme(r));
apr_table_addn(e, "CONTEXT_PREFIX", ap_context_prefix(r));
apr_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
apr_table_setn(e, "REQUEST_SCHEME", ap_http_scheme(r));
apr_table_addn(e, "CONTEXT_PREFIX", ap_context_prefix(r));
apr_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
apr_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
apr_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
apr_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
- rport = c->peer_addr->port;
+ rport = c->client_addr->port;
apr_table_addn(e, "REMOTE_PORT", apr_itoa(r->pool, rport));
if (r->user) {
apr_table_addn(e, "REMOTE_PORT", apr_itoa(r->pool, rport));
if (r->user) {