Add sockaddr to proxy_conn_rec. Using the workers address

is unsafe for forward proxy workers, cause unlike reverse
proxies the forward can have each connection with different
remote address.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105046 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index b3a634d900247b752a4ef0eaf57f43f90075d423..147001e02ba0a70e1e626f3c460fbf17991853f3 100644 (file)
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -198,6 +198,7 @@ typedef struct {
     int          is_ssl;
     apr_pool_t   *pool;     /* Subpool used for creating socket */
     apr_socket_t *sock;     /* Connection socket */
+    apr_sockaddr_t *addr;   /* Preparsed remote address info */
     apr_uint32_t flags;     /* Conection flags */
     int          close;     /* Close 'this' connection */
     int          close_on_recycle; /* Close the connection when returning to pool */

diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 4cceea41d1501f804f6551a39e48e9eb1f2feb92..6da107b6c3a741b78a100ed80de042845a81eacc 100644 (file)
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -1657,14 +1657,16 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
                            uri->fragment ? "#" : "",
                            uri->fragment ? uri->fragment : "", NULL);
     }
-
+    
+    /* TODO: add address cache for forward proxies */
+    conn->addr = worker->cp->addr;
     if (r->proxyreq == PROXYREQ_PROXY) {
-        err = apr_sockaddr_info_get(&(worker->cp->addr),
+        err = apr_sockaddr_info_get(&(conn->addr),
                                     conn->hostname, APR_UNSPEC,
                                     conn->port, 0,
                                     p);
     }
-    else if (!worker->cp->addr)
+    else if (!worker->cp->addr) {
         /* Worker can have the single constant backend adress.
          * The single DNS lookup is used once per worker.
         * If dynamic change is needed then set the addr to NULL
@@ -1674,7 +1676,8 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
                                     conn->hostname, APR_UNSPEC,
                                     conn->port, 0,
                                     worker->cp->pool);
-
+        conn->addr = worker->cp->addr;
+    }
     if (err != APR_SUCCESS) {
         return ap_proxyerror(r, HTTP_BAD_GATEWAY,
                              apr_pstrcat(p, "DNS lookup failure for: ",
@@ -1693,7 +1696,7 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
     }
 
     /* check if ProxyBlock directive on this host */
-    if (OK != ap_proxy_checkproxyblock(r, conf, worker->cp->addr)) {
+    if (OK != ap_proxy_checkproxyblock(r, conf, conn->addr)) {
         return ap_proxyerror(r, HTTP_FORBIDDEN,
                              "Connect to remote machine blocked");
     }
@@ -1729,7 +1732,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
     apr_status_t rv;
     int connected = 0;
     int loglevel;
-    apr_sockaddr_t *backend_addr = worker->cp->addr;
+    apr_sockaddr_t *backend_addr = conn->addr;
     apr_socket_t *newsock;
     
     if (conn->sock) {
@@ -1833,7 +1836,7 @@ PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function,
                                               server_rec *s)
 {
     proxy_worker *worker = conn->worker;
-    apr_sockaddr_t *backend_addr = worker->cp->addr;
+    apr_sockaddr_t *backend_addr = conn->addr;
 
     /* The socket is now open, create a new backend server connection 
     *