mod_remoteip: Use r->useragent_addr as the root trusted address for verifying.

This fixes issue resulting in setting of bad useragent_ip when internal
redirection has been generated as response to the request (typically as
result of "ErrorDocument 40x").

In this case, the original request has been handled by mod_remoteip and its
useragent_ip has been changed properly, but when internal redirection
to ErrorDocument has been generated later, the mod_remoteip's handler has been
executed again with *the same* c->client_addr as in the original request. If
c->client_addr IP is trusted, this results in bad useragent_ip being set.

When using r->useragent_addr as the root trusted address instead of
c->client_addr, the internal redirection uses the first non-trusted
IP in this particular case, so it won't change the r->useragent_ip during
the internal redirection to ErrorDocument.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1688399 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/metadata/mod_remoteip.c b/modules/metadata/mod_remoteip.c
index 0a1dfac49dd6ce4cfe9e6d9c02f91c34c6432763..28e01df2976f6bf28bb71dedf5b98542e18f8cb1 100644 (file)
--- a/modules/metadata/mod_remoteip.c
+++ b/modules/metadata/mod_remoteip.c
@@ -255,7 +255,7 @@ static int remoteip_modify_request(request_rec *r)
     }
     remote = apr_pstrdup(r->pool, remote);
 
-    temp_sa = c->client_addr;
+    temp_sa = r->useragent_addr ? r->useragent_addr : c->client_addr;
 
     while (remote) {