Description: Use the last value in the X-Forwarded-For header that is
not in RPAFproxy_ips as the client IP, falling back to the first value
if all of them are known proxies.
Author: Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>
---
mod_rpaf-2.0.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/mod_rpaf-2.0.c
+++ b/mod_rpaf-2.0.c
@@ -154,6 +154,16 @@
return APR_SUCCESS;
}
+static char* last_not_in_array(apr_array_header_t *forwarded_for,
+ apr_array_header_t *proxy_ips) {
+ int i;
+ for (i = (forwarded_for->nelts)-1; i > 0; i--) {
+ if (!is_in_array(((char **)forwarded_for->elts)[i], proxy_ips))
+ break;
+ }
+ return ((char **)forwarded_for->elts)[i];
+}
+
static int change_remote_ip(request_rec *r) {
const char *fwdvalue;
char *val;
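Review bot: `last_not_in_array` reads `((char **)forwarded_for->elts)[-1]` when `forwarded_for->nelts` is 0, because `i` starts at -1, the loop body never runs, and the return indexes before the start of the array. Whether the caller can pass an empty array (for example when the header is present but empty) is not visible in this hunk, so the helper should be safe on its own: add `if (forwarded_for->nelts < 1) return NULL;` at the top and have the caller test for NULL before `apr_pstrdup`. A one-line comment on the function stating that index 0 is returned when every entry is a known proxy would also document the fallback, which the loop bound `i > 0` only implies.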
@@ -185,7 +195,7 @@
rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->remote_ip);
rcr->r = r;
apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup, apr_pool_cleanup_null);
- r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]);
+ r->connection->remote_ip = apr_pstrdup(r->connection->pool, last_not_in_array(arr, cfg->proxy_ips));
r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip);
apr_sockaddr_t *tmpsa;
int ret = apr_sockaddr_info_get(&tmpsa, r->connection->remote_ip, APR_UNSPEC, r->connection->remote_addr->port, 0, r->connection->remote_addr->pool);
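Review bot: The new assignment writes the result of `last_not_in_array(arr, cfg->proxy_ips)` into `r->connection->remote_ip` even in the fallback case where every X-Forwarded-For entry is a known proxy, so the request is attributed to a trusted proxy's address taken from header text. Access rules and logs keyed on `remote_ip` would then record the proxy's address rather than the connecting peer's; consider letting the helper signal "no non-proxy entry" and leaving `remote_ip` unchanged in that case. The chosen string is also passed to `apr_inet_addr` on the following context line with no visible validity check, which predates this commit but now applies to any position in the header. The body of `change_remote_ip` continues outside the hunk, so checks made before this point cannot be seen here.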