From: Igor Galić
Date: Wed, 19 Jan 2011 12:48:17 +0000 (+0000)
Subject: Add a patch from Vincent Deffontaines to make the adding of X-forwarded-*
X-Git-Tag: 2.3.11~162
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ceb1766d2dc316b47306f940a9c7839e780d4e6b;p=apache
Add a patch from Vincent Deffontaines to make the adding of X-forwarded-* headers configurable: ProxyAddHeaders, defaulting to 'On'.
http://www.mail-archive.com/dev@httpd.apache.org/msg49971.html
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1060795 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index 3d709e2978..a3848fb03c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.3.11
+ *) mod_proxy_http: make adding of X-Forwarded-* headers configurable.
+ ProxyAddHeaders defaults to On. [Vincent Deffontaines]
+
 *) mod_slotmem_shm: Increase memory alignment for slotmem data. [Rainer Jung]
diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml
index 8c127f6bdb..815a246957 100644
--- a/docs/manual/mod/mod_proxy.xml
+++ b/docs/manual/mod/mod_proxy.xml
@@ -1702,4 +1702,25 @@ header for proxied requests + +ProxyAddHeaders +Add proxy information in X-Forwarded-* headers +ProxyAddHeaders Off|On +ProxyAddHeaders On +server config +virtual host +directory + +Available in version 2.3.10 and later + + +

This directive determines whether or not proxy related information should be passed to the + backend server through X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server HTTP headers.

+ Effectiveness +

This option is of use only for HTTP proxying, as handled by mod_proxy_http.

+
+ + +
+
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 90388a3f07..490e54c7f3 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1246,6 +1246,7 @@ static void *create_proxy_dir_config(apr_pool_t *p, char *dummy)
 new->interpolate_env = -1; /* unset */
 new->error_override = 0;
 new->error_override_set = 0;
+ new->add_forwarded_headers = 1;
 return (void *) new;
 }
@@ -1278,6 +1279,7 @@ static void *merge_proxy_dir_config(apr_pool_t *p, void *basev, void *addv)
 new->error_override_set = add->error_override_set || base->error_override_set;
 new->alias = (add->alias_set == 0) ? base->alias : add->alias;
 new->alias_set = add->alias_set || base->alias_set;
+ new->add_forwarded_headers = add->add_forwarded_headers;
 return new;
 }
@@ -1708,6 +1710,13 @@ static const char *
 conf->error_override_set = 1;
 return NULL;
 }
+static const char *
+ add_proxy_http_headers(cmd_parms *parms, void *dconf, int flag)
+{
+ proxy_dir_conf *conf = dconf;
+ conf->add_forwarded_headers = flag;
+ return NULL;
+}
 static const char *
 set_preserve_host(cmd_parms *parms, void *dconf, int flag)
 {
@@ -2225,6 +2234,8 @@ static const command_rec proxy_cmds[] =
 "A balancer or worker name with list of params"),
 AP_INIT_TAKE1("ProxySourceAddress", set_source_address, NULL, RSRC_CONF,
 "Configure local source IP used for request forward"),
+ AP_INIT_FLAG("ProxyAddHeaders", add_proxy_http_headers, NULL, RSRC_CONF|ACCESS_CONF,
+ "on if X-Forwarded-* headers should be added or completed"),
 {NULL}
 };
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index 2d956ce071..d394f7279e 100644
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -206,6 +206,7 @@ typedef struct {
 int preserve_host_set:1;
 int error_override_set:1;
 int alias_set:1;
+ int add_forwarded_headers:1;
 } proxy_dir_conf;
 /* if we interpolate env vars per-request, we'll need a per-request
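Review bot: The merge line `new->add_forwarded_headers = add->add_forwarded_headers;` in merge_proxy_dir_config takes the child value unconditionally, and create_proxy_dir_config (first hunk) initialises that value to 1, so a section that never mentions ProxyAddHeaders appears to override an inherited `Off` back to on. For an operator who turned the headers off to keep client addresses or the proxy hostname away from a backend, that would silently re-enable the disclosure in nested sections. The neighbouring fields avoid this with a `_set` flag (`alias_set`, `error_override_set`); the same pattern needs a new `add_forwarded_headers_set` bit in proxy_dir_conf (mod_proxy.h hunk), `conf->add_forwarded_headers_set = 1;` in add_proxy_http_headers (third hunk), and the merge shown below. Both function bodies start outside their hunks.

```c
    new->alias_set = add->alias_set || base->alias_set;
    /* inherit the parent's setting unless this section set ProxyAddHeaders itself */
    new->add_forwarded_headers =
        (add->add_forwarded_headers_set == 0) ? base->add_forwarded_headers
                                              : add->add_forwarded_headers;
    new->add_forwarded_headers_set = add->add_forwarded_headers_set
                                     || base->add_forwarded_headers_set;
```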
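Review bot: The new field `int add_forwarded_headers:1;` in proxy_dir_conf is a one-bit field of plain `int`, whose signedness is implementation-defined; where it is signed it can hold only 0 and -1, so the `= 1` stored by create_proxy_dir_config reads back as -1. The truth test added in mod_proxy_http.c still works, but any later `== 1` comparison would not. `unsigned int add_forwarded_headers:1; /* ProxyAddHeaders: add X-Forwarded-* to backend requests */` states the intent and documents the field; the neighbouring `*_set` fields use the same `int` form, so this is a style point for the struct as a whole. The struct definition begins outside the hunk.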
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 5255c72f26..958e4e10d1 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -851,29 +851,30 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
 * a forward proxy configuation instead of X-Forwarded-*. See the
 * ProxyVia option for details.
 */
-
- if (PROXYREQ_REVERSE == r->proxyreq) {
- const char *buf;
-
- /* Add X-Forwarded-For: so that the upstream has a chance to
- * determine, where the original request came from.
- */
- apr_table_mergen(r->headers_in, "X-Forwarded-For",
- c->remote_ip);
-
- /* Add X-Forwarded-Host: so that upstream knows what the
- * original request hostname was.
- */
- if ((buf = apr_table_get(r->headers_in, "Host"))) {
- apr_table_mergen(r->headers_in, "X-Forwarded-Host", buf);
- }
-
- /* Add X-Forwarded-Server: so that upstream knows what the
- * name of this proxy server is (if there are more than one)
- * XXX: This duplicates Via: - do we strictly need it?
- */
- apr_table_mergen(r->headers_in, "X-Forwarded-Server",
- r->server->server_hostname);
+ if (dconf->add_forwarded_headers) {
+ if (PROXYREQ_REVERSE == r->proxyreq) {
+ const char *buf;
+
+ /* Add X-Forwarded-For: so that the upstream has a chance to
+ * determine, where the original request came from.
+ */
+ apr_table_mergen(r->headers_in, "X-Forwarded-For",
+ c->remote_ip);
+
+ /* Add X-Forwarded-Host: so that upstream knows what the
+ * original request hostname was.
+ */
+ if ((buf = apr_table_get(r->headers_in, "Host"))) {
+ apr_table_mergen(r->headers_in, "X-Forwarded-Host", buf);
+ }
+
+ /* Add X-Forwarded-Server: so that upstream knows what the
+ * name of this proxy server is (if there are more than one)
+ * XXX: This duplicates Via: - do we strictly need it?
+ */
+ apr_table_mergen(r->headers_in, "X-Forwarded-Server",
+ r->server->server_hostname);
+ }
 }
 proxy_run_fixups(r);
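Review bot: When the new `dconf->add_forwarded_headers` guard is false the whole block is skipped, so any X-Forwarded-For, X-Forwarded-Host or X-Forwarded-Server values the client itself sent stay in `r->headers_in` and, as far as this hunk shows, reach the backend unchanged. A backend that relies on those headers for logging or access decisions then sees only client-claimed values, which deserves a comment above the guard such as `/* ProxyAddHeaders Off: nothing is added here, and client-supplied X-Forwarded-* headers are not removed */` and a matching sentence in the directive's documentation. The two tests could also be written as `if (dconf->add_forwarded_headers && PROXYREQ_REVERSE == r->proxyreq) {`, which would avoid re-indenting the existing block. The declaration of `dconf` and the rest of ap_proxy_http_request lie outside the hunk.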