Hello,
On 3/26/14, 10:10 AM, Bruno Prémont wrote:
>
> Yeah, vanilla mod_rpaf-0.6 does not handle IPv6 addresses well.
>
> Be careful with the patch you choose, some fix the textual
> representation of REMOTE_ADDR but still break on Apache-side access
> control (e.g. on mis-match between proxy connection address family and
> header-passed address family).
>
> The patch I'm using successfully here is inlined below.
>
> Bruno
>
>
> ---
> diff -NurpP a/mod_rpaf.c b/mod_rpaf.c
> --- a/mod_rpaf.c 2014-02-17 09:21:08.278411786 +0100
> +++ b/mod_rpaf.c 2014-02-17 10:20:18.083940819 +0100
> @@ -173,6 +173,7 @@ static int change_remote_ip(request_rec
> }
>
> if (fwdvalue) {
> + apr_sockaddr_t *tmpsa;
> rpaf_cleanup_rec *rcr = (rpaf_cleanup_rec *)apr_pcalloc(r->pool, sizeof(rpaf_cleanup_rec));
> apr_array_header_t *arr = apr_array_make(r->pool, 0, sizeof(char*));
> while (*fwdvalue && (val = ap_get_token(r->pool, &fwdvalue, 1))) {
> @@ -184,7 +185,8 @@ static int change_remote_ip(request_rec
> rcr->r = r;
> apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup, apr_pool_cleanup_null);
> r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]);
> - r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip);
> + if (apr_sockaddr_info_get(&tmpsa, r->connection->remote_ip, APR_UNSPEC, r->connection->remote_addr->port, 0, r->connection->remote_addr->pool) == APR_SUCCESS)
> + memcpy(r->connection->remote_addr, tmpsa, sizeof(apr_sockaddr_t));
> if (cfg->sethostname) {
> const char *hostvalue;
> if ((hostvalue = apr_table_get(r->headers_in, "X-Forwarded-Host"))) {
>
>
Thank you Bruno! I will try this a bit later, when things have settled
down here.
--
Jim Ohlstein
"Never argue with a fool, onlookers may not be able to tell the
difference." - Mark Twain
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx