From owner-freebsd-ports Sat Jun 9 15:40:33 2001 Delivered-To: freebsd-ports@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 5CAFC37B403 for ; Sat, 9 Jun 2001 15:40:04 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.3/8.11.3) id f59Me4a46958; Sat, 9 Jun 2001 15:40:04 -0700 (PDT) (envelope-from gnats) Received: from totem.fix.no (totem.fix.no [213.142.66.130]) by hub.freebsd.org (Postfix) with ESMTP id 72EE737B403 for ; Sat, 9 Jun 2001 15:36:49 -0700 (PDT) (envelope-from anders@totem.fix.no) Received: by totem.fix.no (Postfix, from userid 1000) id 4B7793C8E; Sun, 10 Jun 2001 00:36:48 +0200 (CEST) Message-Id: <20010609223648.4B7793C8E@totem.fix.no> Date: Sun, 10 Jun 2001 00:36:48 +0200 (CEST) From: Anders Nordby Reply-To: Anders Nordby To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: ports/27998: New port: www/mod_extract_forwarded Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 27998 >Category: ports >Synopsis: New port: www/mod_extract_forwarded >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Jun 09 15:40:03 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Anders Nordby >Release: FreeBSD 4.3-STABLE i386 >Organization: Fluxpod Information eXchange >Environment: kern.osreldate: 430000 (4.3-STABLE) kern.osreldate: 500018 (5.0-20010420-CURRENT) >Description: New port of mod_extract_forwarded, an Apache module that can make proxied requests appear with client IP. >How-To-Repeat: >Fix: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # mod_extract_forwarded # mod_extract_forwarded/Makefile # mod_extract_forwarded/distinfo # mod_extract_forwarded/pkg-comment # mod_extract_forwarded/pkg-descr # mod_extract_forwarded/pkg-plist # mod_extract_forwarded/pkg-message # echo c - mod_extract_forwarded mkdir -p mod_extract_forwarded > /dev/null 2>&1 echo x - mod_extract_forwarded/Makefile sed 's/^X//' >mod_extract_forwarded/Makefile << 'END-of-mod_extract_forwarded/Makefile' X# New ports collection makefile for: mod_extract_forwarded X# Date created: 9 June 2001 X# Whom: Anders Nordby X# X# $FreeBSD$ X# X XPORTNAME= mod_extract_forwarded XPORTVERSION= 1.2 XCATEGORIES= www XMASTER_SITES= http://web.systhug.com/mod_extract_forwarded/ \ X http://www.freenix.no/~anders/ X XMAINTAINER= anders@fix.no X XBUILD_DEPENDS= ${LOCALBASE}/sbin/apxs:${PORTSDIR}/www/apache13 XRUN_DEPENDS= ${LOCALBASE}/sbin/apxs:${PORTSDIR}/www/apache13 X XWRKSRC= ${WRKDIR}/${PORTNAME} X XAPXS?= ${LOCALBASE}/sbin/apxs XDOCS= mod_extract_forwarded.html README X Xdo-build: X cd ${WRKSRC} && ${APXS} -c ${PORTNAME}.c X Xdo-install: X cd ${WRKSRC} && ${APXS} -A -i ${PORTNAME}.so X.if !defined(NOPORTDOCS) X ${INSTALL} -d -o root -g wheel -m 0755 ${PREFIX}/share/doc/${PORTNAME} X.for f in ${DOCS} X ${INSTALL_DATA} ${WRKSRC}/${f} ${PREFIX}/share/doc/${PORTNAME} X.endfor X.endif X ${CAT} ${PKGMESSAGE} X X.include END-of-mod_extract_forwarded/Makefile echo x - mod_extract_forwarded/distinfo sed 's/^X//' >mod_extract_forwarded/distinfo << 'END-of-mod_extract_forwarded/distinfo' XMD5 (mod_extract_forwarded-1.2.tar.gz) = 70ecf6f26f5561377b97ba8cae10e95f END-of-mod_extract_forwarded/distinfo echo x - mod_extract_forwarded/pkg-comment sed 's/^X//' >mod_extract_forwarded/pkg-comment << 'END-of-mod_extract_forwarded/pkg-comment' XAn Apache module that can make proxied requests appear with client IP END-of-mod_extract_forwarded/pkg-comment echo x - mod_extract_forwarded/pkg-descr sed 's/^X//' >mod_extract_forwarded/pkg-descr << 'END-of-mod_extract_forwarded/pkg-descr' Xmod_extract_forwarded hooks itself into Apache's header parsing phase and looks Xfor the X-Forwarded-For header which some (most?) proxies add to the proxied XHTTP requests. It extracts the IP from the X-Forwarded-For and modifies the Xconnection data so to the rest of Apache the request looks like it came from Xthat IP rather than the proxy IP. X Xmod_extract_forwarded can be dangerous for host based access control because XX-Forwarded-For is easily spoofed. Because of this you can configure which Xproxies you trust or don't trust. X XWWW: http://web.systhug.com/mod_extract_forwarded/ X X- Anders Nordby END-of-mod_extract_forwarded/pkg-descr echo x - mod_extract_forwarded/pkg-plist sed 's/^X//' >mod_extract_forwarded/pkg-plist << 'END-of-mod_extract_forwarded/pkg-plist' Xlibexec/apache/mod_extract_forwarded.so X@exec %D/sbin/apxs -e -A -n extract_forwarded %D/%F X@unexec %D/sbin/apxs -e -A -n extract_forwarded %D/%F X%%PORTDOCS%%share/doc/mod_extract_forwarded/mod_extract_forwarded.html X%%PORTDOCS%%share/doc/mod_extract_forwarded/README X%%PORTDOCS%%@dirrm share/doc/mod_extract_forwarded END-of-mod_extract_forwarded/pkg-plist echo x - mod_extract_forwarded/pkg-message sed 's/^X//' >mod_extract_forwarded/pkg-message << 'END-of-mod_extract_forwarded/pkg-message' X************************************************************ XYou've installed mod_extract_forward, an Apache module that Xcan make proxied requests appear with client IPs. X XEdit your apache.conf or httpd.conf to enable and setup this Xmodule. Have a look at the files in X${PREFIX}/share/doc/mod_extract_forward for information on Xhow to configure it. X XThen do this to make it work effective: X X# apachectl configtest (see if there are any config errors) X# apachectl restart X X************************************************************ END-of-mod_extract_forwarded/pkg-message exit >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message