From owner-freebsd-ports@FreeBSD.ORG Thu Apr 7 14:05:15 2011 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C7E9D1065674 for ; Thu, 7 Apr 2011 14:05:15 +0000 (UTC) (envelope-from admin@lissyara.su) Received: from mx.lissyara.su (mx.lissyara.su [77.73.25.118]) by mx1.freebsd.org (Postfix) with ESMTP id 80CB08FC16 for ; Thu, 7 Apr 2011 14:05:15 +0000 (UTC) Received: from [195.93.240.106] (port=54222 helo=lissyara.moskb.local) by mx.lissyara.su with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.74 (FreeBSD)) (envelope-from ) id 1Q7pFg-000L54-Fl for ports@freebsd.org; Thu, 07 Apr 2011 17:28:00 +0400 Message-ID: <4D9DBBE0.6050306@lissyara.su> Date: Thu, 07 Apr 2011 17:28:00 +0400 From: Alex Keda User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; ru-RU; rv:1.8.1.23) Gecko/20091202 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666 MIME-Version: 1.0 To: FreeBSD Ports Mailing List Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit X-White-List: YES X-Spam-Description: if spam count > 60 - this is spam X-Spam-Count: 0 X-White-List: YES X-Spam-Description: if spam count > 60 - this is spam X-Spam-Count: 0 X-Descriptions: powered by www.lissyara.su X-Bounce-ID: mx.lissyara.su Cc: Subject: mod_authz_host && mod_rpaf - incorrect work with IPv6 enabled X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2011 14:05:15 -0000 problem - not work this: order allow,deny allow from ip 22.33.44.55 # My IP deny from all configuration - nginx frontend, apache2.2 backend, mod_rpaf for real IP apache say: 403, if I go through nginx-proxy and answer 200 if directly mod_rpaf work correct - in log - my IP, not server IP google go to this page: http://crashingdaily.wordpress.com/2008/10/22/apache-access-control-and-mod_rpaf/ fix: srv2# cat /usr/ports/www/apache22/files/patch-mod_authz_host.c --- ./modules/aaa/mod_authz_host.c.orig 2008-06-14 15:44:19.000000000 +0400 +++ ./modules/aaa/mod_authz_host.c 2011-04-07 16:46:03.000000000 +0400 @@ -214,6 +214,26 @@ int gothost = 0; const char *remotehost = NULL; +// added by lissyara 2011-04-07 in 16:13 MSK +// see http://crashingdaily.wordpress.com/2008/10/22/apache-access-control-and-mod_rpaf/ +if (r->connection->remote_addr->sa.sin.sin_family == AF_INET) { + r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip); +} +else if (IN6_IS_ADDR_V4MAPPED((struct in6_addr *)r->connection->remote_addr->ipaddr_ptr)) { + // set mapped IPv4 + ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[0] = 0; + ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[1] = 0; + ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[2] = htonl (0xffff); + ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[3] = inet_addr( r->connection->remote_ip ); +} +else if (r->connection->remote_addr->sa.sin.sin_family == AF_INET6) { + // not sure if this will work !!! + inet_pton(AF_INET6, r->connection->remote_ip, ((struct sockaddr_in6*)&r->connection->remote_addr)->sin6_addr.s6_addr); +} +else { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, "Apache doesn't support this address family"); +} + for (i = 0; i < a->nelts; ++i) { if (!(mmask & ap[i].limited)) { continue; srv2# may be not complete correct - I'm not programmer