From 4ee7eea4cf60fad5fca9fe9c39d306ae870b5907 Mon Sep 17 00:00:00 2001 From: Graham Leggett Date: Tue, 22 Nov 2011 13:10:39 +0000 Subject: [PATCH] Introduce a per request version of the remote IP address, which can be optionally modified by a module when the effective IP of the client is not the same as the real IP of the client (such as a load balancer). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1204968 13f79535-47bb-0310-9956-ffa450edef68 --- include/httpd.h | 6 ++ modules/aaa/mod_access_compat.c | 2 +- modules/aaa/mod_authz_host.c | 8 +- modules/arch/netware/mod_nw_ssl.c | 4 +- modules/filters/mod_ext_filter.c | 2 +- modules/http/http_request.c | 3 + modules/loggers/mod_log_config.c | 9 ++- modules/mappers/mod_rewrite.c | 6 +- modules/metadata/mod_remoteip.c | 130 ++++++++---------------------- modules/metadata/mod_setenvif.c | 2 +- modules/proxy/ajp_header.c | 4 +- modules/proxy/mod_proxy_http.c | 2 +- modules/ssl/ssl_engine_kernel.c | 2 +- modules/ssl/ssl_engine_vars.c | 4 +- server/log.c | 31 +++++-- server/protocol.c | 3 + server/request.c | 3 + server/util_expr_eval.c | 20 ++--- 18 files changed, 108 insertions(+), 133 deletions(-) diff --git a/include/httpd.h b/include/httpd.h index 39d10e1c4c..c56a88b5b2 100644 --- a/include/httpd.h +++ b/include/httpd.h @@ -1003,6 +1003,12 @@ struct request_rec { apr_uri_t parsed_uri; /** finfo.protection (st_mode) set to zero if no such file */ apr_finfo_t finfo; + + /** remote address information from conn_rec, can be overridden if + * necessary by a module. + */ + apr_sockaddr_t *remote_addr; + char *remote_ip; }; /** diff --git a/modules/aaa/mod_access_compat.c b/modules/aaa/mod_access_compat.c index 3d5d535f44..00352bada9 100644 --- a/modules/aaa/mod_access_compat.c +++ b/modules/aaa/mod_access_compat.c 
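Review bot: The doc comment on the new `remote_addr`/`remote_ip` members of `request_rec` does not tell callers which address to trust, and `remote_ip` has no comment of its own. Because a module may replace these with a value taken from a request header, the comment should say so and point code that needs the actual socket peer at the connection, for example `/** Effective client address for this request; initialised from conn_rec and may be replaced by a module, so use r->connection->remote_addr when the TCP peer is required */`. Adding members to `request_rec` also changes the layout modules compile against, and the diffstat lists no module-magic-number change alongside it.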
@@ -271,7 +271,7 @@ static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method) return 1; case T_IP: - if (apr_ipsubnet_test(ap[i].x.ip, r->connection->remote_addr)) { + if (apr_ipsubnet_test(ap[i].x.ip, r->remote_addr)) { return 1; } break; diff --git a/modules/aaa/mod_authz_host.c b/modules/aaa/mod_authz_host.c index 2bc7f20e87..f418cbe140 100644 --- a/modules/aaa/mod_authz_host.c +++ b/modules/aaa/mod_authz_host.c @@ -153,7 +153,7 @@ static authz_status ip_check_authorization(request_rec *r, apr_ipsubnet_t **ip = (apr_ipsubnet_t **)parsed_require_line; while (*ip) { - if (apr_ipsubnet_test(*ip, r->connection->remote_addr)) + if (apr_ipsubnet_test(*ip, r->remote_addr)) return AUTHZ_GRANTED; ip++; } @@ -201,10 +201,10 @@ static authz_status local_check_authorization(request_rec *r, const void *parsed_require_line) { if ( apr_sockaddr_equal(r->connection->local_addr, - r->connection->remote_addr) - || apr_ipsubnet_test(localhost_v4, r->connection->remote_addr) + r->remote_addr) + || apr_ipsubnet_test(localhost_v4, r->remote_addr) #if APR_HAVE_IPV6 - || apr_ipsubnet_test(localhost_v6, r->connection->remote_addr) + || apr_ipsubnet_test(localhost_v6, r->remote_addr) #endif ) { diff --git a/modules/arch/netware/mod_nw_ssl.c b/modules/arch/netware/mod_nw_ssl.c index 7b64ebfa2f..ce7a4171a5 100644 --- a/modules/arch/netware/mod_nw_ssl.c +++ b/modules/arch/netware/mod_nw_ssl.c @@ -1000,6 +1000,8 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, result = r->uri; else if (strcEQ(var, "REQUEST_FILENAME")) result = r->filename; + else if (strcEQ(var, "REMOTE_ADDR")) + result = r->remote_ip; else if (strcEQ(var, "REMOTE_HOST")) result = ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME, NULL); 
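Review bot: The `T_IP` test in `find_allowdeny` now decides on `r->remote_addr`, with no comment saying that this value may have been set by a module from request data rather than taken from the socket. The same applies to `ip_check_authorization` and `local_check_authorization` in mod_authz_host.c, where the local check now compares the connection's `local_addr` against the per-request address. I would add a comment at each site such as `/* r->remote_addr is the effective client address; it is only as trustworthy as the module that overrode it */`, so a later reader does not assume these checks are bound to the TCP peer. All three functions continue outside their hunks.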
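Review bot: `REMOTE_ADDR` in `ssl_var_lookup` (mod_nw_ssl.c, hunk at -1000) now comes from `r->remote_ip`, but `REMOTE_HOST` on the following line is still resolved with `ap_get_remote_host(r->connection, ...)`, so the two variables can describe different peers once a module overrides the request address. The same pairing appears in the ssl_engine_vars.c hunk at -187, and the mod_remoteip.c hunk at -408 drops the old `c->remote_host = NULL;` reset, which suggests host-name lookups keep reporting the connection peer. If that is intended for now, a comment beside the `REMOTE_HOST` branch such as `/* still derived from the connection peer, not r->remote_addr */` would keep anyone writing host-based rules or reading logs from assuming the two match. The function continues outside the hunk.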
@@ -1055,8 +1057,6 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)) result = NULL; - else if (strcEQ(var, "REMOTE_ADDR")) - result = c->remote_ip; } /* diff --git a/modules/filters/mod_ext_filter.c b/modules/filters/mod_ext_filter.c index 1fd0a9ef6b..558e990e4a 100644 --- a/modules/filters/mod_ext_filter.c +++ b/modules/filters/mod_ext_filter.c @@ -406,7 +406,7 @@ static void child_errfn(apr_pool_t *pool, apr_status_t err, const char *descript apr_file_printf(stderr_log, "[%s] [client %s] mod_ext_filter (%d)%s: %s\n", time_str, - r->connection->remote_ip, + r->remote_ip, err, apr_strerror(err, errbuf, sizeof(errbuf)), description); diff --git a/modules/http/http_request.c b/modules/http/http_request.c index 9d67a29a9d..66da594930 100644 --- a/modules/http/http_request.c +++ b/modules/http/http_request.c @@ -439,6 +439,9 @@ static request_rec *internal_internal_redirect(const char *new_uri, new->prev = r; r->next = new; + new->remote_addr = r->remote_addr; + new->remote_ip = r->remote_ip; + /* Must have prev and next pointers set before calling create_request * hook. */ diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c index fc7b83ae1e..1f7642771c 100644 --- a/modules/loggers/mod_log_config.c +++ b/modules/loggers/mod_log_config.c @@ -310,7 +310,12 @@ static const char *log_remote_host(request_rec *r, char *a) static const char *log_remote_address(request_rec *r, char *a) { - return r->connection->remote_ip; + if (a && !strcmp(a, "c")) { + return r->connection->remote_ip; + } + else { + return r->remote_ip; + } } static const char *log_local_address(request_rec *r, char *a) 
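Review bot: `log_remote_address` in mod_log_config.c matches its new argument with a case-sensitive `!strcmp(a, "c")`, while `log_server_port` in the same file compares its argument with `strcasecmp`, so a format of `%{C}a` would silently log the per-request address instead of the connection peer. I would use `if (a && !strcasecmp(a, "c")) {` and add a comment above the function, e.g. `/* %a: effective client address; %{c}a: address of the underlying connection peer */`. Anyone who needs the real socket peer in access logs for incident response depends on knowing this modifier exists.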
@@ -758,7 +763,7 @@ static const char *log_server_port(request_rec *r, char *a) port = r->server->port ? r->server->port : ap_default_port(r); } else if (!strcasecmp(a, "remote")) { - port = r->connection->remote_addr->port; + port = r->remote_addr->port; } else if (!strcasecmp(a, "local")) { port = r->connection->local_addr->port; diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index 014f591110..1cb4f1ca74 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -1860,7 +1860,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx) else if (!strcmp(var, "IPV6")) { int flag = FALSE; #if APR_HAVE_IPV6 - apr_sockaddr_t *addr = r->connection->remote_addr; + apr_sockaddr_t *addr = r->remote_addr; flag = (addr->family == AF_INET6 && !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr)); rewritelog((r, 1, ctx->perdir, "IPV6='%s'", flag ? "on" : "off")); @@ -1966,7 +1966,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx) case 'D': if (*var == 'R' && !strcmp(var, "REMOTE_ADDR")) { - result = r->connection->remote_ip; + result = r->remote_ip; } else if (!strcmp(var, "SERVER_ADDR")) { result = r->connection->local_ip; @@ -2005,7 +2005,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx) REMOTE_NAME, NULL); } else if (!strcmp(var, "REMOTE_PORT")) { - return apr_itoa(r->pool, r->connection->remote_addr->port); + return apr_itoa(r->pool, r->remote_addr->port); } break; diff --git a/modules/metadata/mod_remoteip.c b/modules/metadata/mod_remoteip.c index 246937bac7..43622eb9ec 100644 --- a/modules/metadata/mod_remoteip.c +++ b/modules/metadata/mod_remoteip.c 
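Review bot: `port = r->remote_addr->port;` in `log_server_port` can pair a header-derived address with a port that belongs to a different peer. As far as the visible context shows, the mod_remoteip.c hunk at -339 builds the replacement sockaddr with `temp_sa->port`, which starts out as the port of `c->remote_addr`. The same holds for `REMOTE_PORT` in mod_rewrite.c, `SC_A_REQ_REMOTE_PORT` in ajp_header.c and the `%s:%d` pairs in server/log.c. A comment here such as `/* when remote_addr was overridden, the port is still that of the connection peer */` would stop log consumers from correlating on a client port that was never observed. `log_server_port` continues outside the hunk.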
@@ -51,19 +51,13 @@ typedef struct { } remoteip_config_t; typedef struct { - /** The previous proxy-via request header value */ - const char *prior_remote; - /** The unmodified original ip and address */ - const char *orig_ip; - apr_sockaddr_t *orig_addr; + apr_sockaddr_t *remote_addr; + char *remote_ip; /** The list of proxy ip's ignored as remote ip's */ const char *proxy_ips; /** The remaining list of untrusted proxied remote ip's */ const char *proxied_remote; - /** The most recently modified ip and address record */ - const char *proxied_ip; - apr_sockaddr_t proxied_addr; -} remoteip_conn_t; +} remoteip_req_t; static void *create_remoteip_server_config(apr_pool_t *p, server_rec *s) { 
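Review bot: The first two members of the renamed `remoteip_req_t`, `remote_addr` and `remote_ip`, have no doc comment, while `proxy_ips` and `proxied_remote` keep theirs. A one-line comment such as `/** The effective client address chosen for this request, and its string form */` above them would match the rest of the struct.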
@@ -222,54 +216,34 @@ static const char *proxylist_read(cmd_parms *cmd, void *cfg, return NULL; } -static int remoteip_modify_connection(request_rec *r) +static int remoteip_modify_request(request_rec *r) { conn_rec *c = r->connection; remoteip_config_t *config = (remoteip_config_t *) ap_get_module_config(r->server->module_config, &remoteip_module); - remoteip_conn_t *conn; -#ifdef REMOTEIP_OPTIMIZED - apr_sockaddr_t temp_sa_buff; - apr_sockaddr_t *temp_sa = &temp_sa_buff; -#else + remoteip_req_t *req = NULL; + apr_sockaddr_t *temp_sa; -#endif + apr_status_t rv; - char *remote = (char *) apr_table_get(r->headers_in, config->header_name); + char *remote; char *proxy_ips = NULL; char *parse_remote; char *eos; unsigned char *addrbyte; void *internal = NULL; - apr_pool_userdata_get((void*)&conn, "mod_remoteip-conn", c->pool); - - if (conn) { - if (remote && (strcmp(remote, conn->prior_remote) == 0)) { - /* TODO: Recycle r-> overrides from previous request - */ - goto ditto_request_rec; - } - else { - /* TODO: Revert connection from previous request - */ - c->remote_addr = conn->orig_addr; - c->remote_ip = (char *) conn->orig_ip; - } + if (!config->header_name) { + return DECLINED; } + remote = (char *) apr_table_get(r->headers_in, config->header_name); if (!remote) { return OK; } - remote = apr_pstrdup(r->pool, remote); -#ifdef REMOTEIP_OPTIMIZED - memcpy(temp_sa, c->remote_addr, sizeof(*temp_sa)); - temp_sa->pool = r->pool; -#else temp_sa = c->remote_addr; -#endif while (remote) { 
@@ -317,21 +291,6 @@ static int remoteip_modify_connection(request_rec *r) break; } -#ifdef REMOTEIP_OPTIMIZED - /* Decode remote_addr - sucks; apr_sockaddr_vars_set isn't 'public' */ - if (inet_pton(AF_INET, parse_remote, - &temp_sa->sa.sin.sin_addr) > 0) { - apr_sockaddr_vars_set(temp_sa, APR_INET, temp_sa.port); - } -#if APR_HAVE_IPV6 - else if (inet_pton(AF_INET6, parse_remote, - &temp_sa->sa.sin6.sin6_addr) > 0) { - apr_sockaddr_vars_set(temp_sa, APR_INET6, temp_sa.port); - } -#endif - else { - rv = apr_get_netos_error(); -#else /* !REMOTEIP_OPTIMIZED */ /* We map as IPv4 rather than IPv6 for equivilant host names * or IPV4OVERIPV6 */ @@ -339,11 +298,11 @@ static int remoteip_modify_connection(request_rec *r) APR_UNSPEC, temp_sa->port, APR_IPV4_ADDR_OK, r->pool); if (rv != APR_SUCCESS) { -#endif ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, "RemoteIP: Header %s value of %s cannot be parsed " "as a client IP", config->header_name, parse_remote); + if (remote) { *(remote + strlen(remote)) = ','; } @@ -351,6 +310,7 @@ static int remoteip_modify_connection(request_rec *r) remote = parse_remote; } break; + } addrbyte = (unsigned char *) &temp_sa->sa.sin.sin_addr; @@ -387,14 +347,13 @@ static int remoteip_modify_connection(request_rec *r) else { remote = parse_remote; } + break; } - if (!conn) { - conn = (remoteip_conn_t *) apr_palloc(c->pool, sizeof(*conn)); - apr_pool_userdata_set(conn, "mod_remoteip-conn", NULL, c->pool); - conn->orig_addr = c->remote_addr; - conn->orig_ip = c->remote_ip; + /* save away our results */ + if (!req) { + req = (remoteip_req_t *) apr_palloc(r->pool, sizeof(remoteip_req_t)); } /* Set remote_ip string */ 
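Review bot: In the hunk at -387, `req` is obtained with `apr_palloc`, so `proxy_ips` and `proxied_remote` hold indeterminate values until they are assigned after the loop. Every member is written before it is read in the visible code, but `req = apr_pcalloc(r->pool, sizeof(*req));` would keep that true if a later change adds a member or an early exit. `remoteip_modify_request` starts and ends outside this hunk.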
@@ -408,64 +367,41 @@ static int remoteip_modify_connection(request_rec *r) } } - c->remote_addr = temp_sa; - apr_sockaddr_ip_get(&c->remote_ip, c->remote_addr); + req->remote_addr = temp_sa; + apr_sockaddr_ip_get(&req->remote_ip, req->remote_addr); } /* Nothing happened? */ - if (!conn || (c->remote_addr == conn->orig_addr)) { + if (!req) { return OK; } - /* Fixups here, remote becomes the new Via header value, etc - * In the heavy operations above we used request scope, to limit - * conn pool memory growth on keepalives, so here we must scope - * the final results to the connection pool lifetime. - * To limit memory growth, we keep recycling the same buffer - * for the final apr_sockaddr_t in the remoteip conn rec. - */ - c->remote_ip = apr_pstrdup(c->pool, c->remote_ip); - conn->proxied_ip = c->remote_ip; - memcpy(&conn->proxied_addr, temp_sa, sizeof(*temp_sa)); - conn->proxied_addr.pool = c->pool; - c->remote_addr = &conn->proxied_addr; - - if (remote) { - remote = apr_pstrdup(c->pool, remote); - } - conn->proxied_remote = remote; - conn->prior_remote = apr_pstrdup(c->pool, apr_table_get(r->headers_in, - config->header_name)); - if (proxy_ips) { - proxy_ips = apr_pstrdup(c->pool, proxy_ips); - } - conn->proxy_ips = proxy_ips; + req->proxied_remote = remote; + req->proxy_ips = proxy_ips; - /* Unset remote_host string DNS lookups */ - c->remote_host = NULL; - c->remote_logname = NULL; - -ditto_request_rec: - if (conn->proxied_remote) { + if (req->proxied_remote) { apr_table_setn(r->headers_in, config->header_name, - conn->proxied_remote); + req->proxied_remote); } else { apr_table_unset(r->headers_in, config->header_name); } - if (conn->proxy_ips) { - apr_table_setn(r->notes, "remoteip-proxy-ip-list", conn->proxy_ips); + if (req->proxy_ips) { + apr_table_setn(r->notes, "remoteip-proxy-ip-list", req->proxy_ips); if (config->proxies_header_name) { apr_table_setn(r->headers_in, config->proxies_header_name, - conn->proxy_ips); + req->proxy_ips); } } + r->remote_addr 
= req->remote_addr; + r->remote_ip = req->remote_ip; + ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r, - conn->proxy_ips + req->proxy_ips ? "Using %s as client's IP by proxies %s" : "Using %s as client's IP by internal proxies", - conn->proxied_ip, conn->proxy_ips); + req->remote_ip, req->proxy_ips); return OK; } @@ -497,7 +433,7 @@ static const command_rec remoteip_cmds[] = static void register_hooks(apr_pool_t *p) { - ap_hook_post_read_request(remoteip_modify_connection, NULL, NULL, APR_HOOK_FIRST); + ap_hook_post_read_request(remoteip_modify_request, NULL, NULL, APR_HOOK_FIRST); } AP_DECLARE_MODULE(remoteip) = { diff --git a/modules/metadata/mod_setenvif.c b/modules/metadata/mod_setenvif.c index e773719b42..383f6b73e0 100644 --- a/modules/metadata/mod_setenvif.c +++ b/modules/metadata/mod_setenvif.c @@ -527,7 +527,7 @@ static int match_headers(request_rec *r) last_name = b->name; switch (b->special_type) { case SPECIAL_REMOTE_ADDR: - val = r->connection->remote_ip; + val = r->remote_ip; break; case SPECIAL_SERVER_ADDR: val = r->connection->local_ip; diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c index 0fc8e195ff..80977b0a64 100644 --- a/modules/proxy/ajp_header.c +++ b/modules/proxy/ajp_header.c @@ -247,7 +247,7 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, ajp_msg_append_uint8(msg, (apr_byte_t) method) || ajp_msg_append_string(msg, r->protocol) || ajp_msg_append_string(msg, uri->path) || - ajp_msg_append_string(msg, r->connection->remote_ip) || + ajp_msg_append_string(msg, r->remote_ip) || ajp_msg_append_string(msg, remote_host) || ajp_msg_append_string(msg, ap_get_server_name(r)) || ajp_msg_append_uint16(msg, (apr_uint16_t)r->connection->local_addr->port) || 
@@ -413,7 +413,7 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, */ { const char *key = SC_A_REQ_REMOTE_PORT; - char *val = apr_itoa(r->pool, r->connection->remote_addr->port); + char *val = apr_itoa(r->pool, r->remote_addr->port); if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) || ajp_msg_append_string(msg, key) || ajp_msg_append_string(msg, val)) { diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index cd61563ae6..909fe30168 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -858,7 +858,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r, * determine, where the original request came from. */ apr_table_mergen(r->headers_in, "X-Forwarded-For", - c->remote_ip); + r->remote_ip); /* Add X-Forwarded-Host: so that upstream knows what the * original request hostname was. diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 0ba483125f..cb0b04110b 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -917,7 +917,7 @@ int ssl_hook_Access(request_rec *r) ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Access to %s denied for %s " "(requirement expression not fulfilled)", - r->filename, r->connection->remote_ip); + r->filename, r->remote_ip); ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Failed expression: %s", req->cpExpr); diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index c0e933d303..5e6edf2118 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -187,6 +187,8 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, result = r->uri; else if (strcEQ(var, "REQUEST_FILENAME")) result = r->filename; + else if (strcEQ(var, "REMOTE_ADDR")) + result = r->remote_ip; else if (strcEQ(var, "REMOTE_HOST")) result = ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME, NULL); 
@@ -242,8 +244,6 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) && sslconn && sslconn->ssl) result = ssl_var_lookup_ssl(p, c, r, var+4); - else if (strcEQ(var, "REMOTE_ADDR")) - result = c->remote_ip; else if (strcEQ(var, "HTTPS")) { if (sslconn && sslconn->ssl) result = "on"; diff --git a/server/log.c b/server/log.c index 605d75bbea..641d256af6 100644 --- a/server/log.c +++ b/server/log.c @@ -561,7 +561,10 @@ static int cpystrn(char *buf, const char *arg, int buflen) static int log_remote_address(const ap_errorlog_info *info, const char *arg, char *buf, int buflen) { - if (info->c) + if (info->r) + return apr_snprintf(buf, buflen, "%s:%d", info->r->remote_ip, + info->r->remote_addr->port); + else if (info->c) return apr_snprintf(buf, buflen, "%s:%d", info->c->remote_ip, info->c->remote_addr->port); else @@ -578,6 +581,16 @@ static int log_local_address(const ap_errorlog_info *info, const char *arg, return 0; } +static int log_conn_remote_address(const ap_errorlog_info *info, const char *arg, + char *buf, int buflen) +{ + if (info->c) + return apr_snprintf(buf, buflen, "%s:%d", info->c->remote_ip, + info->c->remote_addr->port); + else + return 0; +} + static int log_pid(const ap_errorlog_info *info, const char *arg, char *buf, int buflen) { @@ -897,6 +910,7 @@ AP_DECLARE(void) ap_register_log_hooks(apr_pool_t *p) ap_register_errorlog_handler(p, "T", log_tid, 0); ap_register_errorlog_handler(p, "v", log_virtual_host, 0); ap_register_errorlog_handler(p, "V", log_server_name, 0); + ap_register_errorlog_handler(p, "d", log_conn_remote_address, 0); } /* 
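Review bot: `log_remote_address` in server/log.c dereferences `info->r->remote_addr->port` as soon as `info->r` is set, without checking that `remote_addr` has been filled in. The commit assigns it in `ap_read_request`, `make_sub_request` and `internal_internal_redirect`. A `request_rec` that reaches the error logger by any other path, or before the assignment in `ap_read_request`, would presumably carry a NULL pointer here and fault inside the logging call. Guarding with `if (info->r && info->r->remote_addr)` lets the existing `info->c` branch act as the fallback; the new `if (info->r)` branch in `do_errorlog_default` (hunk at -958) needs the same guard.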
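Review bot: The new `log_conn_remote_address` has no comment explaining how it differs from `log_remote_address`, and the `"d"` tag it is registered under in the hunk at -897 is not described anywhere in this patch. A comment such as `/* connection peer address and port, ignoring any per-request override of remote_ip */` above the function would make the distinction clear to anyone building an error-log format that must record the real socket peer.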
@@ -958,11 +972,16 @@ static int do_errorlog_default(const ap_errorlog_info *info, char *buf, } } - if (info->c) { - /* - * remote_ip can be client or backend server. If we have a scoreboard - * handle, it is likely a client. - */ + /* + * remote_ip can be client or backend server. If we have a scoreboard + * handle, it is likely a client. + */ + if (info->r) { + len += apr_snprintf(buf + len, buflen - len, + info->r->connection->sbh ? "[client %s:%d] " : "[remote %s:%d] ", + info->r->remote_ip, info->r->remote_addr->port); + } + else if (info->c) { len += apr_snprintf(buf + len, buflen - len, info->c->sbh ? "[client %s:%d] " : "[remote %s:%d] ", info->c->remote_ip, info->c->remote_addr->port); diff --git a/server/protocol.c b/server/protocol.c index 2d2bc05ca0..d111e5fb45 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -979,6 +979,9 @@ request_rec *ap_read_request(conn_rec *conn) */ r->used_path_info = AP_REQ_DEFAULT_PATH_INFO; + r->remote_addr = conn->remote_addr; + r->remote_ip = conn->remote_ip; + tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); ap_run_pre_read_request(r, conn); diff --git a/server/request.c b/server/request.c index f8f0605674..a5d0f62f81 100644 --- a/server/request.c +++ b/server/request.c @@ -1832,6 +1832,9 @@ static request_rec *make_sub_request(const request_rec *r, rnew->output_filters = r->proto_output_filters; } + rnew->remote_addr = r->remote_addr; + rnew->remote_ip = r->remote_ip; + /* no input filters for a subrequest */ ap_set_sub_req_protocol(rnew, r); diff --git a/server/util_expr_eval.c b/server/util_expr_eval.c index 81143e5ac4..d1199d1703 100644 --- a/server/util_expr_eval.c +++ b/server/util_expr_eval.c 
@@ -1181,10 +1181,9 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *)); static APR_OPTIONAL_FN_TYPE(ssl_is_https) *is_https = NULL; static const char *conn_var_names[] = { - "REMOTE_ADDR", /* 0 */ - "HTTPS", /* 1 */ - "IPV6", /* 2 */ - "CONN_LOG_ID", /* 3 */ + "HTTPS", /* 0 */ + "IPV6", /* 1 */ + "CONN_LOG_ID", /* 2 */ NULL }; @@ -1197,13 +1196,11 @@ static const char *conn_var_fn(ap_expr_eval_ctx_t *ctx, const void *data) switch (index) { case 0: - return c->remote_ip; - case 1: if (is_https && is_https(c)) return "on"; else return "off"; - case 2: + case 1: #if APR_HAVE_IPV6 { apr_sockaddr_t *addr = c->remote_addr; @@ -1216,7 +1213,7 @@ static const char *conn_var_fn(ap_expr_eval_ctx_t *ctx, const void *data) #else return "off"; #endif - case 3: + case 2: return c->log_id; default: ap_assert(0); @@ -1253,6 +1250,7 @@ static const char *request_var_names[] = { "CONTEXT_PREFIX", /* 25 */ "CONTEXT_DOCUMENT_ROOT", /* 26 */ "REQUEST_STATUS", /* 27 */ + "REMOTE_ADDR", /* 28 */ NULL }; @@ -1338,6 +1336,8 @@ static const char *request_var_fn(ap_expr_eval_ctx_t *ctx, const void *data) return ap_context_document_root(r); case 27: return r->status ? apr_psprintf(ctx->p, "%d", r->status) : ""; + case 28: + return r->remote_ip; default: ap_assert(0); return NULL; @@ -1483,10 +1483,10 @@ static int op_R(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg1) AP_DEBUG_ASSERT(subnet != NULL); - if (!ctx->c) + if (!ctx->r) return FALSE; - return apr_ipsubnet_test(subnet, ctx->c->remote_addr); + return apr_ipsubnet_test(subnet, ctx->r->remote_addr); } static int op_T(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg) -- 2.40.0
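Review bot: In `conn_var_fn` the `IPV6` case still reads `c->remote_addr`, while `REMOTE_ADDR` has moved to `request_var_fn` and returns `r->remote_ip`, and the `IPV6` variable in mod_rewrite.c was switched to `r->remote_addr` in this same commit. An expression can therefore see an overridden `REMOTE_ADDR` next to an `IPV6` value computed from the connection peer. Either move `IPV6` to the request variables as well, or record the difference with a comment such as `/* IPV6 describes the connection peer, not r->remote_addr */`. `conn_var_fn` starts outside the hunk.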
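Review bot: `op_R` now returns `FALSE` whenever `ctx->r` is NULL, even if `ctx->c` is available, whereas the old code tested the connection address in that case. If expressions are ever evaluated without a request (not visible in this hunk), a rule that denies on a `-R` match would silently stop matching. Falling back to the connection keeps the previous behaviour: `apr_sockaddr_t *addr = ctx->r ? ctx->r->remote_addr : (ctx->c ? ctx->c->remote_addr : NULL);` followed by `if (!addr) return FALSE;` and `return apr_ipsubnet_test(subnet, addr);`.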