From 1ef8c3824cb93223a131304add54cc106e7b3a19 Mon Sep 17 00:00:00 2001 From: Mike Rumph Date: Mon, 3 Feb 2014 21:01:17 +0000 Subject: [PATCH] Correct the trusted proxy match test in mod_remoteip. PR 54651.\n\nSubmitted By: Yoshinori Ehara \nEndorsed By: Eugene L \nCommited By: mrumph git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1564052 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ modules/metadata/mod_remoteip.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index fb2d96c99d..1a31c7afab 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_remoteip: Correct the trusted proxy match test. PR 54651. + [Yoshinori Ehara , Eugene L ] + *) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to %{REMOTE_ADDR}. PR 56094. [Edward Lu ] diff --git a/modules/metadata/mod_remoteip.c b/modules/metadata/mod_remoteip.c index 1926066119..079fb1f17d 100644 --- a/modules/metadata/mod_remoteip.c +++ b/modules/metadata/mod_remoteip.c @@ -246,14 +246,14 @@ static int remoteip_modify_request(request_rec *r) while (remote) { - /* verify c->client_addr is trusted if there is a trusted proxy list + /* verify user agent IP against the trusted proxy list */ if (config->proxymatch_ip) { int i; remoteip_proxymatch_t *match; match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts; for (i = 0; i < config->proxymatch_ip->nelts; ++i) { - if (apr_ipsubnet_test(match[i].ip, c->client_addr)) { + if (apr_ipsubnet_test(match[i].ip, temp_sa)) { internal = match[i].internal; break; } -- 2.40.0