Date:      Sun,  9 Nov 2003 22:01:17 +0100
From:      "Clement Laforet" <sheepkiller@cultdeadsheep.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        Clement Laforet <sheepkiller@cultdeadsheep.org>
Subject:   ports/59094: [new port] www/mod_extract_forwarded2: mod_extract_forwarded for apache2
Message-ID:  <20031109210116.17CD443FE1@mx1.FreeBSD.org>
Resent-Message-ID: <200311092110.hA9LA5pN018355@freefall.freebsd.org>


>Number:         59094
>Category:       ports
>Synopsis:       [new port] www/mod_extract_forwarded2: mod_extract_forwarded for apache2
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 09 13:10:04 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Clement Laforet
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
cotds.org
>Environment:
System: FreeBSD lucifer.cultdeadsheep.org 5.1-CURRENT FreeBSD 5.1-CURRENT #3: Sun Nov 9 13:26:28 CET 2003 clement@lucifer.cultdeadsheep.org:/usr/obj/usr/src/sys/LUCIFER i386


	
>Description:
	Since I need mod_extract_forwarded for apache2 and I can't find any patch, here's mine.

	Description:
	mod_extract_forwarded2 hooks itself into Apache's header parsing phase and looks
	for the X-Forwarded-For header which some (most?) proxies add to the proxied
	HTTP requests. It extracts the IP from the X-Forwarded-For and modifies the
	connection data so to the rest of Apache the request looks like it came from
	that IP rather than the proxy IP.
	
	mod_extract_forwarded can be dangerous for host based access control because
	X-Forwarded-For is easily spoofed. Because of this you can configure which
	proxies you trust or don't trust.
	

>How-To-Repeat:
	N/A.
>Fix:

	

--- mod_extract_forwarded2.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	mod_extract_forwarded2
#	mod_extract_forwarded2/Makefile
#	mod_extract_forwarded2/distinfo
#	mod_extract_forwarded2/pkg-descr
#	mod_extract_forwarded2/pkg-message
#	mod_extract_forwarded2/pkg-plist
#
echo c - mod_extract_forwarded2
mkdir -p mod_extract_forwarded2 > /dev/null 2>&1
echo x - mod_extract_forwarded2/Makefile
sed 's/^X//' >mod_extract_forwarded2/Makefile << 'END-of-mod_extract_forwarded2/Makefile'
X# New ports collection makefile for:	mod_extract_forwarded2
X# Date created:				Sun Nov  9
X# Whom:					Clement Laforet <sheepkiller@cultdeadsheep.org>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	mod_extract_forwarded2
XPORTVERSION=	0.1
XCATEGORIES=	www
XMASTER_SITES=	http://www.cotds.org/${PORTNAME}/
X#DIST_SUBDIR=	apache2
X
XMAINTAINER=	sheepkiller@cultdeadsheep.org
XCOMMENT=	An Apache module that can make proxied requests appear with client IP
X
XUSE_APACHE=	yes
XWITH_APACHE2=	yes
XPORTDOCS=		doc.html README
X
Xdo-build:
X	cd ${WRKSRC} && ${APXS} -c ${PORTNAME}.c
X
Xdo-install:
X	cd ${WRKSRC} && ${APXS} -A -i -n extract_forwarded ${PORTNAME}.la
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X.for f in ${PORTDOCS}
X	${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
X.endfor
X.endif
X	${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
END-of-mod_extract_forwarded2/Makefile
echo x - mod_extract_forwarded2/distinfo
sed 's/^X//' >mod_extract_forwarded2/distinfo << 'END-of-mod_extract_forwarded2/distinfo'
XMD5 (apache2/mod_extract_forwarded2-0.1.tar.gz) = 2359d40383c0cb7cc298dc92f4f89b74
END-of-mod_extract_forwarded2/distinfo
echo x - mod_extract_forwarded2/pkg-descr
sed 's/^X//' >mod_extract_forwarded2/pkg-descr << 'END-of-mod_extract_forwarded2/pkg-descr'
Xmod_extract_forwarded2 hooks itself into Apache's header parsing phase and looks
Xfor the X-Forwarded-For header which some (most?) proxies add to the proxied
XHTTP requests. It extracts the IP from the X-Forwarded-For and modifies the
Xconnection data so to the rest of Apache the request looks like it came from
Xthat IP rather than the proxy IP.
X
Xmod_extract_forwarded can be dangerous for host based access control because
XX-Forwarded-For is easily spoofed. Because of this you can configure which
Xproxies you trust or don't trust.
X
XWWW: http://www.cotds.org/mod_extract_forwarded2/
END-of-mod_extract_forwarded2/pkg-descr
echo x - mod_extract_forwarded2/pkg-message
sed 's/^X//' >mod_extract_forwarded2/pkg-message << 'END-of-mod_extract_forwarded2/pkg-message'
X************************************************************
XYou've installed mod_extract_forward, an Apache module that
Xcan make proxied requests appear with client IPs.
X
XEdit your apache.conf or httpd.conf to enable and setup this
Xmodule. Have a look at the files in
X${PREFIX}/share/doc/mod_extract_forward for information on
Xhow to configure it.
X
XThen do this to make it take effect:
X
X# apachectl configtest (see if there are any config errors)
X# apachectl restart
X
X************************************************************
END-of-mod_extract_forwarded2/pkg-message
echo x - mod_extract_forwarded2/pkg-plist
sed 's/^X//' >mod_extract_forwarded2/pkg-plist << 'END-of-mod_extract_forwarded2/pkg-plist'
Xlibexec/apache2/mod_extract_forwarded2.so
X@exec %D/sbin/apxs -e -A -n extract_forwarded %D/%F
X@unexec %D/sbin/apxs -e -A -n extract_forwarded %D/%F
END-of-mod_extract_forwarded2/pkg-plist
exit
--- mod_extract_forwarded2.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
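
The trust decision the port description refers to, sketched as an added example (not part of the original submission and not the module's own code): X-Forwarded-For is only honoured when the connecting peer is a configured trusted proxy, and the header is walked from the right so that entries prepended by a client are never reached. The network list, function names and sample addresses are assumptions constructed for illustration, and the multi-hop walk generalizes beyond the single-proxy case the description mentions.

```python
import ipaddress

# Constructed sample configuration: networks whose proxies are trusted to
# report X-Forwarded-For honestly (an assumption, not the module's defaults).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(addr):
    """True if addr (an ip_address object) lies inside a trusted proxy network."""
    return any(addr in net for net in TRUSTED_PROXIES if net.version == addr.version)


def effective_client_ip(peer_ip, xff_header):
    """Return the address to use for access control and logging.

    peer_ip    -- address of the TCP peer, the only value the server saw itself
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    current = ipaddress.ip_address(peer_ip)
    if not xff_header:
        return str(current)
    # Each proxy appends the address it received the request from, so the
    # right-most entry is the most recent hop. Walk from right to left.
    hops = [h.strip() for h in xff_header.split(",")]
    for hop in reversed(hops):
        # Only a trusted proxy's statement about its client is accepted.
        if not is_trusted(current):
            break
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: stop and keep the last address that was vouched for.
            break
    return str(current)


if __name__ == "__main__":
    # Direct client forging the header: the peer is not a trusted proxy.
    print(effective_client_ip("203.0.113.7", "10.1.2.3"))
    # Trusted proxy forwarding a request whose client prepended a fake entry.
    print(effective_client_ip("10.0.0.5", "1.2.3.4, 198.51.100.23"))
```

Host-based access rules should be evaluated against the returned address only after this check; a header arriving from an untrusted peer changes nothing.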


