Date: Thu, 07 Apr 2011 17:28:00 +0400
From: Alex Keda <admin@lissyara.su>
To: FreeBSD Ports Mailing List <ports@freebsd.org>
Subject: mod_authz_host && mod_rpaf - incorrect work with IPv6 enabled
Message-ID: <4D9DBBE0.6050306@lissyara.su>
Problem - this does not work:

order allow,deny
allow from ip 22.33.44.55 # My IP
deny from all

Configuration - nginx frontend, apache2.2 backend, mod_rpaf for the real IP.

Apache says 403 if I go through the nginx proxy, and answers 200 if I go directly.
mod_rpaf works correctly - in the log is my IP, not the server IP.

Google led me to this page:
http://crashingdaily.wordpress.com/2008/10/22/apache-access-control-and-mod_rpaf/

Fix:

srv2# cat /usr/ports/www/apache22/files/patch-mod_authz_host.c
--- ./modules/aaa/mod_authz_host.c.orig 2008-06-14 15:44:19.000000000 +0400 +++ ./modules/aaa/mod_authz_host.c 2011-04-07 16:46:03.000000000 +0400 @@ -214,6 +214,26 @@ int gothost = 0; const char *remotehost = NULL; +// added by lissyara 2011-04-07 in 16:13 MSK +// see http://crashingdaily.wordpress.com/2008/10/22/apache-access-control-and-mod_rpaf/ +if (r->connection->remote_addr->sa.sin.sin_family == AF_INET) { + r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip); +} +else if (IN6_IS_ADDR_V4MAPPED((struct in6_addr *)r->connection->remote_addr->ipaddr_ptr)) { + // set mapped IPv4 + ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[0] = 0; + ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[1] = 0; + ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[2] = htonl (0xffff); + ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[3] = inet_addr( r->connection->remote_ip ); +} +else if (r->connection->remote_addr->sa.sin.sin_family == AF_INET6) { + // not sure if this will work !!! + inet_pton(AF_INET6, r->connection->remote_ip, ((struct sockaddr_in6*)&r->connection->remote_addr)->sin6_addr.s6_addr); +} +else { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, "Apache doesn't support this address family"); +} + for (i = 0; i < a->nelts; ++i) { if (!(mmask & ap[i].limited)) { continue;
srv2#

It may not be completely correct - I'm not a programmer.
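
Review bot: In the AF_INET6 branch, `(struct sockaddr_in6*)&r->connection->remote_addr` takes the address of the `remote_addr` pointer itself (the other branches dereference it with `->`), so `inet_pton` writes 16 bytes at an offset from that pointer field inside the connection record instead of into the socket address. Write through `r->connection->remote_addr->ipaddr_ptr`, as the V4MAPPED branch does. Separately, none of the `apr_inet_addr`, `inet_addr` and `inet_pton` results are checked, so a `remote_ip` string that does not parse still overwrites the address that the allow/deny rules are then matched against; since mod_rpaf fills `remote_ip` from a proxy-supplied header, check the return value and deny the request on failure.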