Annotation of embedaddon/lighttpd/doc/outdated/extforward.txt, revision 1.1

1.1     ! misho       1: ==============
        !             2: mod_extforward
        !             3: ==============
        !             4: 
        !             5: .. contents::
        !             6: 
        !             7: Overview
        !             8: ========
        !             9: 
        !            10: Comman Kang <comman.kang at gmail.com> sent me: ::
        !            11: 
        !            12:   Hello jan.
        !            13: 
        !            14:        I've made something rough but similar to mod_extract_forwarded for
        !            15:   Apache.  This module will extract the client's "real" ip from
        !            16:   X-Forwarded-For header which is added by squid or other proxies. It might be
        !            17:   useful for servers behind reverse proxy servers.
        !            18: 
        !            19:        However, this module is causing a segfault with mod_ssl or
        !            20:   $HTTP{''socket"} directive, crashing in config_check_cond while patching
        !            21:   connection. I do not understand the architecture of lighttpd well; does it
        !            22:   need to call patch_connection in either handle_request_done and
        !            23:   connection_reset?
        !            24: 
        !            25: Lionel Elie Mamane <lionel@mamane.lu> improved the patch: ::
        !            26: 
        !            27:     I've taken lighttpd-1.4.10-mod_extforward.c from the wiki and I've
        !            28:   extended it. Here is the result.
        !            29: 
        !            30:   Major changes:
        !            31: 
        !            32:    - IPv6 support
        !            33: 
        !            34:    - Fixed at least one segfault with SERVER['socket']
        !            35: 
        !            36:    - Arrange things so that a url.access-deny under scope of a
        !            37:      HTTP['remoteip'] condition works well :)
        !            38: 
        !            39:   I've commented the code in some places, mostly where I wasn't sure
        !            40:   what was going on, or I didn't see what the original author meant to
        !            41:   do.
        !            42: 
        !            43: Options
        !            44: =======
        !            45: 
        !            46: extforward.forwarder
        !            47:   Sets the trust level of proxy IPs.
        !            48: 
        !            49:   Default: empty
        !            50: 
        !            51:   Example: ::
        !            52: 
        !            53:     extforward.forwarder = ("10.0.0.232" => "trust")
        !            54: 
        !            55:   will translate IP addresses coming from 10.0.0.232 to the real IP addresses extracted from the "X-Forwarded-For" or "Forwarded-For" HTTP request header.
        !            56: 
        !            57: extforward.headers
        !            58:   Sets the headers to search for the original addresses.
        !            59: 
        !            60:   Example (for use with a Zeus ZXTM loadbalancer): ::
        !            61: 
        !            62:     extforward.headers = ("X-Cluster-Client-Ip")
        !            63: 
        !            64:   Default: empty, results in searching for "X-Forwarded-For" and "Forwarded-For"
        !            65: 
        !            66: Note
        !            67: =======
        !            68: 
        !            69: The effect of this module on $HTTP["remoteip"] directives and on other modules' remote-IP-dependent actions varies.
        !            70: Things done by modules before we change the remote IP or after we reset it will match on the proxy's IP.
        !            71: Things done in between these two moments will match on the real client's IP.
        !            72: When a module acts depends on the hook in which it does its work and, within the same hook,
        !            73: on whether it comes before or after us in the module loading order
        !            74: (the order in the server.modules directive in the config file).
        !            75: 
        !            76: Tested behaviours:
        !            77: 
        !            78:   mod_access: Will match on the real client.
        !            79: 
        !            80:   mod_accesslog:
        !            81:    In order to see the "real" IP address in the access log,
        !            82:    you'll have to load mod_extforward after mod_accesslog,
        !            83:    like this: ::
        !            84: 
        !            85:     server.modules  = (
        !            86:        .....
        !            87:        "mod_accesslog",
        !            88:        "mod_extforward"
        !            89:     )
        !            90: 
        !            91: Samples
        !            92: =======
        !            93: 
        !            94: Trust proxy 10.0.0.232 and 10.0.0.233 ::
        !            95: 
        !            96:   extforward.forwarder = (
        !            97:      "10.0.0.232" => "trust",
        !            98:      "10.0.0.233" => "trust",
        !            99:   )
        !           100: 
        !           101: Trust all proxies  (NOT RECOMMENDED!) ::
        !           102: 
        !           103:   extforward.forwarder = ( "all" => "trust")
        !           104: 
        !           105: Note that "all" has precedence over specific entries, so "all except" setups will not work.
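
The trust rules above, modelled as an added Python example (not code from lighttpd or from the patch authors) to show why a trust-all or "all except" setup lets a client choose its own address. The right-to-left walk, the leftmost fallback and the "untrusted" value are assumptions of this model; the addresses are constructed documentation ranges.

```python
import ipaddress

DEFAULT_HEADERS = ("X-Forwarded-For", "Forwarded-For")  # defaults named in the doc


def is_trusted(ip, forwarder):
    """An "all" entry is consulted first, so specific entries cannot override it."""
    if "all" in forwarder:
        return forwarder["all"] == "trust"
    return forwarder.get(ip) == "trust"


def effective_remote_ip(peer, request_headers, forwarder, headers=()):
    """Address that remote-IP checks would match on, under this model."""
    if not is_trusted(peer, forwarder):
        return peer  # a header sent by an untrusted peer is ignored
    sent = {k.lower(): v for k, v in request_headers.items()}
    value = next((sent[h.lower()] for h in (headers or DEFAULT_HEADERS)
                  if h.lower() in sent), None)
    if value is None:
        return peer
    hops = [h.strip() for h in value.split(",") if h.strip()]
    try:
        for hop in hops:
            ipaddress.ip_address(hop)  # accept IP literals only
    except ValueError:
        return peer
    # Model assumption: walk from the right, skipping trusted proxies, so
    # entries a client prepended to the header are never reached.
    for hop in reversed(hops):
        if not is_trusted(hop, forwarder):
            return hop
    # Model assumption: if every hop is trusted, the leftmost entry is used.
    return hops[0] if hops else peer


if __name__ == "__main__":
    pinned = {"10.0.0.232": "trust", "10.0.0.233": "trust"}
    spoofed = {"X-Forwarded-For": "192.0.2.99, 203.0.113.7"}  # constructed
    print(effective_remote_ip("10.0.0.232", spoofed, pinned))
    print(effective_remote_ip("198.51.100.5", spoofed, {"all": "trust"}))
```

With pinned forwarders the client-supplied 192.0.2.99 is ignored; with "all" => "trust" a direct connection from 198.51.100.5 is recorded as 192.0.2.99.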
