Add FORWARDS environment variable, as suggested under a different name by Rogier...

diff --git a/mod_authnz_external/AUTHENTICATORS b/mod_authnz_external/AUTHENTICATORS
index 00506272683e0db26d2f540bd2e564c4b1d9695f..aaf176a3ae39bbd6e52d763908ce74b92ffc3d4d 100644 (file)
--- a/mod_authnz_external/AUTHENTICATORS
+++ b/mod_authnz_external/AUTHENTICATORS
@@ -249,7 +249,16 @@ OTHER ENVIRONMENT VARIABLES
 
     IP        the client's ip-address.
 
-    HOST      the client's host name, if Apache has "HostnameLookups On".
+    HOST      the host name corresponding to IP, if Apache has
+              "HostnameLookups On".
+
+    FORWARDS  If a load-balancer or proxy is being used, then the "IP" variable
+             is just going to be the ip-address of the server that forwarded
+             the client's request to the current server. In that case, the
+             "FORWARDS" environment variable gives a comma-separated list of
+             ip-addresses, the first of which will be the original client's ip,
+              while the rest are all the other proxies the request was forwarded
+              through before reaching the server named by the the "IP" variable.
 
     PATH      the httpd's path environment variable.
 

diff --git a/mod_authnz_external/CHANGES b/mod_authnz_external/CHANGES
index 74933775d626edde66bb4df8bdb647ab6f4e12a1..024b42e7e37eb015aa70e423d0b8e7312f5d1f0c 100644 (file)
--- a/mod_authnz_external/CHANGES
+++ b/mod_authnz_external/CHANGES
@@ -1,5 +1,7 @@
 v3.3.2   (Jan Wolter - NOT YET RELEASED)
 ----------------------------------------------
+ * Added the FORWARDS environment variable for use with load balancing servers.
+   This patch contributed by Rogier Slag.
  * Added test/test.pipe.php, a PHP version of test/test.pipe contributed
    by Claus Andersen.
 

diff --git a/mod_authnz_external/mod_authnz_external.c b/mod_authnz_external/mod_authnz_external.c
index 479e57f679d9d8f8ed0e939fce99e0b2c63e3358..f3948323c86675468a2c1dd9666537304297cc03 100644 (file)
--- a/mod_authnz_external/mod_authnz_external.c
+++ b/mod_authnz_external/mod_authnz_external.c
@@ -96,6 +96,7 @@
 #define ENV_HOST       "HOST"          /* Remote Host */
 #define ENV_HTTP_HOST  "HTTP_HOST"     /* Local Host */
 #define ENV_CONTEXT    "CONTEXT"       /* Arbitrary Data from Config */
+#define ENV_FORWARDS   "FORWARDS"
 /* Undefine this if you do not want cookies passed to the script */
 #define ENV_COOKIE     "COOKIE"
 
@@ -400,7 +401,7 @@ static int exec_external(const char *extpath, const char *extmethod,
     apr_procattr_t *procattr;
     apr_proc_t proc;
     apr_status_t rc= APR_SUCCESS;
-    char *child_env[12];
+    char *child_env[13];
     char *child_arg[MAX_ARG+2];
     const char *t;
     int i, status= -4;
@@ -423,7 +424,7 @@ static int exec_external(const char *extpath, const char *extmethod,
 
     if (!isdaemon)
     {
-       const char *cookie, *host, *remote_host;
+       const char *cookie, *host, *remote_host, *forwards;
        authnz_external_dir_config_rec *dir= (authnz_external_dir_config_rec *)
            ap_get_module_config(r->per_dir_config, &authnz_external_module);
        i= 0;
@@ -456,6 +457,9 @@ static int exec_external(const char *extpath, const char *extmethod,
            child_env[i++]= apr_pstrcat(r->pool, ENV_CONTEXT"=",
                dir->context, NULL);
 
+       if ((forwards= apr_table_get(r->headers_in, "X-Forwarded-For")) != NULL)
+           child_env[i++]= apr_pstrcat(p, ENV_FORWARDS"=", forwards, NULL);
+
 #ifdef ENV_COOKIE
        if ((cookie= apr_table_get(r->headers_in, "Cookie")) != NULL)
            child_env[i++]= apr_pstrcat(p, ENV_COOKIE"=", cookie, NULL);