From 30393ababf9310acf8742a2a5540c1dcef356ec8 Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Mon, 17 Feb 2014 14:12:30 +0000 Subject: [PATCH] Merge r1564052 from trunk: Correct the trusted proxy match test in mod_remoteip. PR 54651.\n\nSubmitted By: Yoshinori Ehara \nEndorsed By: Eugene L \nCommited By: mrumph Submitted by: mrumph Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1569006 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ modules/metadata/mod_remoteip.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index bce9064194..b112bc36ac 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.4.8 + *) mod_remoteip: Correct the trusted proxy match test. PR 54651. + [Yoshinori Ehara , Eugene L ] + *) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field. PR 55972. [Mike Rumph] diff --git a/modules/metadata/mod_remoteip.c b/modules/metadata/mod_remoteip.c index 029d8226c3..61087590ec 100644 --- a/modules/metadata/mod_remoteip.c +++ b/modules/metadata/mod_remoteip.c @@ -246,14 +246,14 @@ static int remoteip_modify_request(request_rec *r) while (remote) { - /* verify c->client_addr is trusted if there is a trusted proxy list + /* verify user agent IP against the trusted proxy list */ if (config->proxymatch_ip) { int i; remoteip_proxymatch_t *match; match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts; for (i = 0; i < config->proxymatch_ip->nelts; ++i) { - if (apr_ipsubnet_test(match[i].ip, c->client_addr)) { + if (apr_ipsubnet_test(match[i].ip, temp_sa)) { internal = match[i].internal; break; } -- 2.40.0