ports/59094: [new port] www/mod_extract_forwarded2: mod_extract_forwarded for apache2
Clement Laforet
sheepkiller at cultdeadsheep.org
Sun Nov 9 21:10:08 UTC 2003
>Number: 59094
>Category: ports
>Synopsis: [new port] www/mod_extract_forwarded2: mod_extract_forwarded for apache2
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sun Nov 09 13:10:04 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Clement Laforet
>Release: FreeBSD 5.1-CURRENT i386
>Organization:
cotds.org
>Environment:
System: FreeBSD lucifer.cultdeadsheep.org 5.1-CURRENT FreeBSD 5.1-CURRENT #3: Sun Nov 9 13:26:28 CET 2003 clement at lucifer.cultdeadsheep.org:/usr/obj/usr/src/sys/LUCIFER i386
>Description:
Since I need mod_extract_forwarded for apache2 and I can't find any patch, here's mine.
Description:
mod_extract_forwarded2 hooks itself into Apache's header parsing phase and looks
for the X-Forwarded-For header which some (most?) proxies add to the proxied
HTTP requests. It extracts the IP from the X-Forwarded-For and modifies the
connection data so to the rest of Apache the request looks like it came from
that IP rather than the proxy IP.
mod_extract_forwarded can be dangerous for host based access control because
X-Forwarded-For is easily spoofed. Because of this you can configure which
proxies you trust or don't trust.
>How-To-Repeat:
N/A.
>Fix:
--- mod_extract_forwarded2.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# mod_extract_forwarded2
# mod_extract_forwarded2/Makefile
# mod_extract_forwarded2/distinfo
# mod_extract_forwarded2/pkg-descr
# mod_extract_forwarded2/pkg-message
# mod_extract_forwarded2/pkg-plist
#
echo c - mod_extract_forwarded2
mkdir -p mod_extract_forwarded2 > /dev/null 2>&1
echo x - mod_extract_forwarded2/Makefile
sed 's/^X//' >mod_extract_forwarded2/Makefile << 'END-of-mod_extract_forwarded2/Makefile'
X# New ports collection makefile for: mod_extract_forwarded2
X# Date created: Sun Nov 9
X# Whom: Clement Laforet <sheepkiller at cultdeadsheep.org>
X#
X# $FreeBSD$
X#
X
XPORTNAME= mod_extract_forwarded2
XPORTVERSION= 0.1
XCATEGORIES= www
XMASTER_SITES= http://www.cotds.org/${PORTNAME}/
X#DIST_SUBDIR= apache2
X
XMAINTAINER=	sheepkiller@cultdeadsheep.org
XCOMMENT= An Apache module that can make proxied requests appear with client IP
X
XUSE_APACHE= yes
XWITH_APACHE2= yes
XPORTDOCS= doc.html README
X
Xdo-build:
X	cd ${WRKSRC} && ${APXS} -c ${PORTNAME}.c
X
Xdo-install:
X	cd ${WRKSRC} && ${APXS} -A -i -n extract_forwarded ${PORTNAME}.la
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X.for f in ${PORTDOCS}
X	${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
X.endfor
X.endif
X	${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
END-of-mod_extract_forwarded2/Makefile
echo x - mod_extract_forwarded2/distinfo
sed 's/^X//' >mod_extract_forwarded2/distinfo << 'END-of-mod_extract_forwarded2/distinfo'
XMD5 (apache2/mod_extract_forwarded2-0.1.tar.gz) = 2359d40383c0cb7cc298dc92f4f89b74
END-of-mod_extract_forwarded2/distinfo
echo x - mod_extract_forwarded2/pkg-descr
sed 's/^X//' >mod_extract_forwarded2/pkg-descr << 'END-of-mod_extract_forwarded2/pkg-descr'
Xmod_extract_forwarded2 hooks itself into Apache's header parsing phase and looks
Xfor the X-Forwarded-For header which some (most?) proxies add to the proxied
XHTTP requests. It extracts the IP from the X-Forwarded-For and modifies the
Xconnection data so to the rest of Apache the request looks like it came from
Xthat IP rather than the proxy IP.
X
Xmod_extract_forwarded can be dangerous for host based access control because
XX-Forwarded-For is easily spoofed. Because of this you can configure which
Xproxies you trust or don't trust.
X
XWWW: http://www.cotds.org/mod_extract_forwarded2/
END-of-mod_extract_forwarded2/pkg-descr
echo x - mod_extract_forwarded2/pkg-message
sed 's/^X//' >mod_extract_forwarded2/pkg-message << 'END-of-mod_extract_forwarded2/pkg-message'
X************************************************************
XYou've installed mod_extract_forward, an Apache module that
Xcan make proxied requests appear with client IPs.
X
XEdit your apache.conf or httpd.conf to enable and setup this
Xmodule. Have a look at the files in
X${PREFIX}/share/doc/mod_extract_forward for information on
Xhow to configure it.
X
XThen do this to make it work effective:
X
X# apachectl configtest (see if there are any config errors)
X# apachectl restart
X
X************************************************************
END-of-mod_extract_forwarded2/pkg-message
echo x - mod_extract_forwarded2/pkg-plist
sed 's/^X//' >mod_extract_forwarded2/pkg-plist << 'END-of-mod_extract_forwarded2/pkg-plist'
Xlibexec/apache2/mod_extract_forwarded2.so
X@exec %D/sbin/apxs -e -A -n extract_forwarded %D/%F
X@unexec %D/sbin/apxs -e -A -n extract_forwarded %D/%F
END-of-mod_extract_forwarded2/pkg-plist
exit
--- mod_extract_forwarded2.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
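
The trusted-proxy decision mentioned in the port description, sketched as an added example; it is not part of the original report and is not the module's own code. The names TRUSTED_PROXIES, is_trusted and effective_client_ip, and all addresses, are constructed for illustration.

```python
import ipaddress

# Constructed trust list: proxies we operate (assumption, not from the port).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(addr):
    """True if addr (an ip_address object) belongs to a trusted proxy network."""
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_client_ip(peer_ip, xff_header):
    """Return the address that host-based access control should evaluate.

    peer_ip    -- TCP peer address of the connection (not taken from any header)
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # An untrusted peer can put anything in the header: ignore it entirely.
    if not xff_header or not is_trusted(peer):
        return str(peer)
    current = peer
    # Each proxy appends the address it saw, so the rightmost entries are the
    # ones written by our own proxies. Walk the list from right to left.
    for token in reversed([t.strip() for t in xff_header.split(",")]):
        try:
            hop = ipaddress.ip_address(token)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        current = hop
        if not is_trusted(hop):
            break  # first untrusted hop is the client as seen by our proxies
    return str(current)


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For value)
    for peer, xff in [("203.0.113.7", "127.0.0.1"),
                      ("10.1.2.3", "127.0.0.1, 198.51.100.20"),
                      ("10.1.2.3", "198.51.100.20, 192.0.2.10")]:
        print(peer, "|", xff, "->", effective_client_ip(peer, xff))
```

Entries to the left of the first untrusted hop were supplied by that hop and are never used for access decisions.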