mod_authz_host && mod_rpaf - incorrect work with IPv6 enabled
Alex Keda
admin at lissyara.su
Thu Apr 7 14:05:15 UTC 2011
problem - not work this:
order allow,deny
allow from ip 22.33.44.55 # My IP
deny from all
Configuration: nginx frontend, Apache 2.2 backend, mod_rpaf to restore the real client IP.
Apache answers 403 if I go through the nginx proxy, and 200 if I connect directly.
mod_rpaf itself works correctly: the log shows my IP, not the server's IP.
A Google search led to this page:
http://crashingdaily.wordpress.com/2008/10/22/apache-access-control-and-mod_rpaf/
fix:
srv2# cat /usr/ports/www/apache22/files/patch-mod_authz_host.c
--- ./modules/aaa/mod_authz_host.c.orig 2008-06-14 15:44:19.000000000 +0400
+++ ./modules/aaa/mod_authz_host.c 2011-04-07 16:46:03.000000000 +0400
@@ -214,6 +214,26 @@
int gothost = 0;
const char *remotehost = NULL;
+// added by lissyara 2011-04-07 in 16:13 MSK
+// see
http://crashingdaily.wordpress.com/2008/10/22/apache-access-control-and-mod_rpaf/
+if (r->connection->remote_addr->sa.sin.sin_family == AF_INET) {
+ r->connection->remote_addr->sa.sin.sin_addr.s_addr =
apr_inet_addr(r->connection->remote_ip);
+}
+else if (IN6_IS_ADDR_V4MAPPED((struct in6_addr
*)r->connection->remote_addr->ipaddr_ptr)) {
+ // set mapped IPv4
+ ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[0] = 0;
+ ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[1] = 0;
+ ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[2] =
htonl (0xffff);
+ ((apr_uint32_t *)r->connection->remote_addr->ipaddr_ptr)[3] =
inet_addr( r->connection->remote_ip );
+}
+else if (r->connection->remote_addr->sa.sin.sin_family == AF_INET6) {
+ // not sure if this will work !!!
+ inet_pton(AF_INET6, r->connection->remote_ip, ((struct
sockaddr_in6*)&r->connection->remote_addr)->sin6_addr.s6_addr);
+}
+else {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
"Apache doesn't support this address family");
+}
+
for (i = 0; i < a->nelts; ++i) {
if (!(mmask & ap[i].limited)) {
continue;
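Review bot: In the AF_INET6 branch the `inet_pton()` destination is built from `&r->connection->remote_addr`, which is the address of the pointer field itself rather than the sockaddr it points to (every other branch dereferences it with `->`), so the 16-byte write would land inside the connection record instead of the stored address. The destination should be the sockaddr's own field, e.g. `&r->connection->remote_addr->sa.sin6.sin6_addr`, assuming APR was built with IPv6 support. None of the three conversions (`apr_inet_addr`, `inet_addr`, `inet_pton`) has its result checked, and `remote_ip` here presumably comes from a proxy-supplied header via mod_rpaf, so an unparseable value would either be stored as the error value or leave the old address in place; the allow/deny evaluation that follows should fail closed in that case, e.g. `if (inet_pton(AF_INET6, r->connection->remote_ip, dst) != 1) return HTTP_FORBIDDEN;`. The enclosing function begins before this hunk and continues past its last line.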
srv2#
may be not complete correct - I'm not programmer