Correct the trusted proxy match test in mod_remoteip. PR 54651.\n\nSubmitted By:...

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1564052 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index fb2d96c99d0c4f2e55ee8b9492664864127b5ee9..1a31c7afab2adb61d4d2e28cb561438bef08a26a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_remoteip: Correct the trusted proxy match test. PR 54651.
+     [Yoshinori Ehara <yoshinori ehara gmail com>, Eugene L <eugenel amazon com>]
+
   *) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
      %{REMOTE_ADDR}. PR 56094. [Edward Lu <Chaosed0 gmail com>]
 

diff --git a/modules/metadata/mod_remoteip.c b/modules/metadata/mod_remoteip.c
index 1926066119a0de4f5f67e6579e9e7ba5e3d5489f..079fb1f17dc307f898b1b5a3e7a3e302407480e1 100644 (file)
--- a/modules/metadata/mod_remoteip.c
+++ b/modules/metadata/mod_remoteip.c
@@ -246,14 +246,14 @@ static int remoteip_modify_request(request_rec *r)
 
     while (remote) {
 
-        /* verify c->client_addr is trusted if there is a trusted proxy list
+        /* verify user agent IP against the trusted proxy list
          */
         if (config->proxymatch_ip) {
             int i;
             remoteip_proxymatch_t *match;
             match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts;
             for (i = 0; i < config->proxymatch_ip->nelts; ++i) {
-                if (apr_ipsubnet_test(match[i].ip, c->client_addr)) {
+                if (apr_ipsubnet_test(match[i].ip, temp_sa)) {
                     internal = match[i].internal;
                     break;
                 }