Message-Id: <20031109210116.17CD443FE1@mx1.FreeBSD.org>
Date: Sun, 9 Nov 2003 22:01:17 +0100
From: "Clement Laforet"
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: Clement Laforet
Subject: ports/59094: [new port] www/mod_extract_forwarded2: mod_extract_forwarded for apache2
X-Send-Pr-Version: 3.113
Reply-To: Clement Laforet
List-Id: Ports bug reports

>Number:         59094
>Category:       ports
>Synopsis:       [new port] www/mod_extract_forwarded2: mod_extract_forwarded for apache2
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 09 13:10:04 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Clement Laforet
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
cotds.org
>Environment:
System: FreeBSD lucifer.cultdeadsheep.org 5.1-CURRENT FreeBSD 5.1-CURRENT #3: Sun Nov 9 13:26:28 CET 2003 clement@lucifer.cultdeadsheep.org:/usr/obj/usr/src/sys/LUCIFER i386
>Description:
Since I need mod_extract_forwarded for apache2 and I can't find any patch, here's mine.

Description:
mod_extract_forwarded2 hooks itself into Apache's header parsing phase and looks
for the X-Forwarded-For header which some (most?) proxies add to the proxied
HTTP requests. It extracts the IP from the X-Forwarded-For and modifies the
connection data so to the rest of Apache the request looks like it came from
that IP rather than the proxy IP.

mod_extract_forwarded can be dangerous for host based access control because
X-Forwarded-For is easily spoofed. Because of this you can configure which
proxies you trust or don't trust.
>How-To-Repeat:
N/A.
>Fix:

--- mod_extract_forwarded2.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	mod_extract_forwarded2
#	mod_extract_forwarded2/Makefile
#	mod_extract_forwarded2/distinfo
#	mod_extract_forwarded2/pkg-descr
#	mod_extract_forwarded2/pkg-message
#	mod_extract_forwarded2/pkg-plist
#
echo c - mod_extract_forwarded2
mkdir -p mod_extract_forwarded2 > /dev/null 2>&1
echo x - mod_extract_forwarded2/Makefile
sed 's/^X//' >mod_extract_forwarded2/Makefile << 'END-of-mod_extract_forwarded2/Makefile'
X# New ports collection makefile for:	mod_extract_forwarded2
X# Date created:				Sun Nov 9
X# Whom:					Clement Laforet
X#
X# $FreeBSD$
X#
X
XPORTNAME=	mod_extract_forwarded2
XPORTVERSION=	0.1
XCATEGORIES=	www
XMASTER_SITES=	http://www.cotds.org/${PORTNAME}/
X#DIST_SUBDIR=	apache2
X
XMAINTAINER=	sheepkiller@cultdeadsheep.org
XCOMMENT=	An Apache module that can make proxied requests appear with client IP
X
XUSE_APACHE=	yes
XWITH_APACHE2=	yes
XPORTDOCS=	doc.html README
X
Xdo-build:
X	cd ${WRKSRC} && ${APXS} -c ${PORTNAME}.c
X
Xdo-install:
X	cd ${WRKSRC} && ${APXS} -A -i -n extract_forwarded ${PORTNAME}.la
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X.for f in ${PORTDOCS}
X	${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
X.endfor
X.endif
X	${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
END-of-mod_extract_forwarded2/Makefile
echo x - mod_extract_forwarded2/distinfo
sed 's/^X//' >mod_extract_forwarded2/distinfo << 'END-of-mod_extract_forwarded2/distinfo'
XMD5 (apache2/mod_extract_forwarded2-0.1.tar.gz) = 2359d40383c0cb7cc298dc92f4f89b74
END-of-mod_extract_forwarded2/distinfo
echo x - mod_extract_forwarded2/pkg-descr
sed 's/^X//' >mod_extract_forwarded2/pkg-descr << 'END-of-mod_extract_forwarded2/pkg-descr'
Xmod_extract_forwarded2 hooks itself into Apache's header parsing phase and looks
Xfor the X-Forwarded-For header which some (most?) proxies add to the proxied
XHTTP requests. It extracts the IP from the X-Forwarded-For and modifies the
Xconnection data so to the rest of Apache the request looks like it came from
Xthat IP rather than the proxy IP.
X
Xmod_extract_forwarded can be dangerous for host based access control because
XX-Forwarded-For is easily spoofed. Because of this you can configure which
Xproxies you trust or don't trust.
X
XWWW: http://www.cotds.org/mod_extract_forwarded2/
END-of-mod_extract_forwarded2/pkg-descr
echo x - mod_extract_forwarded2/pkg-message
sed 's/^X//' >mod_extract_forwarded2/pkg-message << 'END-of-mod_extract_forwarded2/pkg-message'
X************************************************************
XYou've installed mod_extract_forward, an Apache module that
Xcan make proxied requests appear with client IPs.
X
XEdit your apache.conf or httpd.conf to enable and setup this
Xmodule. Have a look at the files in
X${PREFIX}/share/doc/mod_extract_forward for information on
Xhow to configure it.
X
XThen do this to make it work effective:
X
X# apachectl configtest (see if there are any config errors)
X# apachectl restart
X
X************************************************************
END-of-mod_extract_forwarded2/pkg-message
echo x - mod_extract_forwarded2/pkg-plist
sed 's/^X//' >mod_extract_forwarded2/pkg-plist << 'END-of-mod_extract_forwarded2/pkg-plist'
Xlibexec/apache2/mod_extract_forwarded2.so
X@exec %D/sbin/apxs -e -A -n extract_forwarded %D/%F
X@unexec %D/sbin/apxs -e -A -n extract_forwarded %D/%F
END-of-mod_extract_forwarded2/pkg-plist
exit
--- mod_extract_forwarded2.shar ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
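
An added example, not part of the original report and not the module's own code, of the trusted-proxy check the description refers to: X-Forwarded-For is honored only when the TCP peer is a configured trusted proxy. The function name, the CIDR list and the sample addresses are constructed, and the right-to-left walk over multi-hop headers is an assumption that goes beyond what the report describes.

```python
import ipaddress


def effective_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address host-based access control should evaluate.

    peer_ip         -- address of the TCP peer (not attacker-controlled)
    xff_header      -- raw X-Forwarded-For value, or None if absent
    trusted_proxies -- CIDR strings for the proxies the operator trusts
    """
    trusted = [ipaddress.ip_network(net) for net in trusted_proxies]
    current = ipaddress.ip_address(peer_ip)
    if not xff_header:
        return str(current)

    # Each proxy appends the address it saw, so the rightmost entry is the
    # most recent hop. Accept an entry only if the host that reported it
    # (the current address) is itself a trusted proxy.
    hops = [h.strip() for h in xff_header.split(",")]
    for hop in reversed(hops):
        if not any(current in net for net in trusted):
            break  # reported by an untrusted host: may be spoofed
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
    return str(current)


# Constructed sample requests (documentation address ranges).
TRUSTED = ["192.0.2.0/24"]
SAMPLES = [
    ("203.0.113.9", "10.0.0.5"),                  # direct client, spoofed header
    ("192.0.2.10", "198.51.100.7"),               # one trusted proxy
    ("192.0.2.10", "10.1.1.1, 198.51.100.7"),     # client prepended a fake hop
    ("192.0.2.10", "198.51.100.7, 192.0.2.20"),   # two trusted proxies chained
    ("192.0.2.10", "not-an-address"),             # malformed header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"{peer:<14} {xff:<28} -> {effective_client_ip(peer, xff, TRUSTED)}")
```
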