From: Mike Rumph Date: Mon, 3 Feb 2014 21:01:17 +0000 (+0000) Subject: Correct the trusted proxy match test in mod_remoteip. PR 54651.\n\nSubmitted By:... X-Git-Tag: 2.5.0-alpha~4536 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1ef8c3824cb93223a131304add54cc106e7b3a19;p=apache Correct the trusted proxy match test in mod_remoteip. PR 54651.\n\nSubmitted By: Yoshinori Ehara \nEndorsed By: Eugene L \nCommited By: mrumph git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1564052 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index fb2d96c99d..1a31c7afab 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_remoteip: Correct the trusted proxy match test. PR 54651. + [Yoshinori Ehara , Eugene L ] + *) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to %{REMOTE_ADDR}. PR 56094. [Edward Lu ] diff --git a/modules/metadata/mod_remoteip.c b/modules/metadata/mod_remoteip.c index 1926066119..079fb1f17d 100644 --- a/modules/metadata/mod_remoteip.c +++ b/modules/metadata/mod_remoteip.c @@ -246,14 +246,14 @@ static int remoteip_modify_request(request_rec *r) while (remote) { - /* verify c->client_addr is trusted if there is a trusted proxy list + /* verify user agent IP against the trusted proxy list */ if (config->proxymatch_ip) { int i; remoteip_proxymatch_t *match; match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts; for (i = 0; i < config->proxymatch_ip->nelts; ++i) { - if (apr_ipsubnet_test(match[i].ip, c->client_addr)) { + if (apr_ipsubnet_test(match[i].ip, temp_sa)) { internal = match[i].internal; break; }