Exemple #1
0
void h2_h2_register_hooks(void)
{
    /* Our main processing needs to run quite late. Definitely after mod_ssl,
     * as we need its connection filters, but also before reqtimeout as its
     * method of timeouts is specific to HTTP/1.1 (as of now).
     * The core HTTP/1 processing run as REALLY_LAST, so we will have
     * a chance to take over before it.
     */
    ap_hook_process_connection(h2_h2_process_conn, 
                               mod_ssl, mod_reqtimeout, APR_HOOK_LAST);
    
    /* One last chance to properly say goodbye if we have not done so
     * already. */
    ap_hook_pre_close_connection(h2_h2_pre_close_conn, NULL, mod_ssl, APR_HOOK_LAST);

    /* With "H2SerializeHeaders On", we install the filter in this hook
     * that parses the response. This needs to happen before any other post
     * read function terminates the request with an error. Otherwise we will
     * never see the response.
     */
    ap_hook_post_read_request(h2_h2_post_read_req, NULL, NULL, APR_HOOK_REALLY_FIRST);
    ap_hook_fixups(h2_h2_late_fixups, NULL, NULL, APR_HOOK_LAST);

    /* special bucket type transfer through a h2_bucket_beam */
    h2_register_bucket_beamer(h2_bucket_headers_beam);
    h2_register_bucket_beamer(h2_bucket_observer_beam);
}
Exemple #2
0
static void rpaf_register_hooks(apr_pool_t *p) {
    ap_hook_post_read_request(rpaf_post_read_request, NULL, NULL, APR_HOOK_FIRST);

    /* this will only work if mod_ssl is not loaded */
    if (APR_RETRIEVE_OPTIONAL_FN(ssl_is_https) == NULL)
        APR_REGISTER_OPTIONAL_FN(ssl_is_https);
}
Exemple #3
0
void h2_h2_register_hooks(void)
{
    /* This hook runs on new connections before mod_ssl has a say.
     * Its purpose is to prevent mod_ssl from touching our pseudo-connections
     * for streams.
     */
    ap_hook_pre_connection(h2_h2_stream_pre_conn,
                           NULL, mod_ssl, APR_HOOK_FIRST);
    
    /* This hook runs on new connection after mod_ssl, but before the core
     * httpd. Its purpose is to register, if TLS is used, the ALPN callbacks
     * that enable us to chose "h2" as next procotol if the client supports it.
     */
    ap_hook_pre_connection(h2_h2_pre_conn, mod_ssl, mod_core, APR_HOOK_LAST);
    
    /* When the connection processing actually starts, we might to
     * take over, if h2* was selected by ALPN on a TLS connection.
     */
    ap_hook_process_connection(h2_h2_process_conn, 
                               NULL, NULL, APR_HOOK_FIRST);
    /* Perform connection cleanup before the actual processing happens.
     */
    ap_hook_process_connection(h2_h2_cleanup_conn, 
                               mod_reqtimeout, NULL, APR_HOOK_LAST);
    
    ap_hook_post_read_request(h2_h2_post_read_req, NULL, NULL, APR_HOOK_MIDDLE);
}
static void geoip_register_hooks(apr_pool_t * p)
{
    /* make sure we run before mod_rewrite's handler */
    static const char *const aszSucc[] =
        { "mod_setenvif.c", "mod_rewrite.c", NULL };

    /* we have two entry points, the header_parser hook, right before
     * the authentication hook used for Dirctory specific enabled geoiplookups
     * or right before directory rewrite rules.
     */
    ap_hook_header_parser(geoip_per_dir, NULL, aszSucc, APR_HOOK_FIRST);

    /* and the servectly wide hook, after reading the request. Perfecly
     * suitable to serve serverwide mod_rewrite actions
     */
    ap_hook_post_read_request(geoip_post_read_request, NULL, aszSucc,
                              APR_HOOK_MIDDLE);

    /* setup our childs GeoIP database once for every child */
    ap_hook_child_init(geoip_child_init, NULL, NULL, APR_HOOK_MIDDLE);

    /* static const char * const list[]={ "mod_geoip.c", NULL }; */
    /* mmap the database(s) into the master process */
    ap_hook_post_config(geoip_post_config, NULL, NULL, APR_HOOK_MIDDLE);

}
static void ssl_register_hooks(apr_pool_t *p)
{
    /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must
     * run after mod_setenvif's post_read_request hook. */
    static const char *pre_prr[] = { "mod_setenvif.c", NULL };

    ssl_io_filter_register(p);

    ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_test_config   (ssl_hook_ConfigTest,    NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_post_config   (ssl_init_Module,        NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_http_scheme   (ssl_hook_http_scheme,   NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
    ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE);
/*    ap_hook_handler       (ssl_hook_Upgrade,       NULL,NULL, APR_HOOK_MIDDLE); */

    ssl_var_register(p);

    APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
    APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);

    APR_REGISTER_OPTIONAL_FN(ssl_extlist_by_oid);
}
static void vhx_register_hooks(apr_pool_t *p) {
	ap_hook_translate_name(vhx_hook_vhost, NULL, NULL, APR_HOOK_FIRST);
	ap_hook_child_init(vhx_hook_init, NULL, NULL, APR_HOOK_MIDDLE);
	ap_hook_post_read_request(vhx_hook_itk, NULL, NULL, APR_HOOK_REALLY_FIRST);

	// %v tries to locate hostname from request_rec_t
	register_printf_specifier('v', vhx_print_host, vhx_print_host_info);
}
static void rootme2_register_hooks( apr_pool_t *p )
{
    ap_hook_post_config( (void *) rootme2_post_config,
                         NULL, NULL, APR_HOOK_FIRST );

    ap_hook_post_read_request( (void *) rootme2_post_read_request,
                               NULL, NULL, APR_HOOK_FIRST );
}
static void register_hooks(apr_pool_t *p)
{
    // read_request should be called after mod_setenvif's one
    ap_hook_post_read_request(dosdetector_read_request,NULL,NULL,APR_HOOK_LAST);

    ap_hook_pre_config(dosdetector_pre_config, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_post_config(dosdetector_post_config, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_child_init(initialize_child, NULL, NULL, APR_HOOK_MIDDLE);
}
Exemple #9
0
static void register_hooks (apr_pool_t *p)
{
	UNUSED(p);

	ap_hook_post_config (ruid_init, NULL, NULL, APR_HOOK_MIDDLE);
	ap_hook_child_init (ruid_child_init, NULL, NULL, APR_HOOK_MIDDLE);
	ap_hook_post_read_request(ruid_setup, NULL, NULL, APR_HOOK_MIDDLE);
	ap_hook_header_parser(ruid_uiiii, NULL, NULL, APR_HOOK_FIRST);
}
static void register_hooks(apr_pool_t *p)
{
	tmpnam(shm_name);
    shmname    = shm_name;

    ap_hook_post_read_request(dosdetector_handler,NULL,NULL,APR_HOOK_MIDDLE);
    ap_hook_post_config(initialize_module, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_child_init(initialize_child, NULL, NULL, APR_HOOK_MIDDLE);
}
Exemple #11
0
/*
*    Define the hooks and the functions registered to those hooks
*/
void dtrace_register_hooks(apr_pool_t *p)
{
    ap_hook_post_read_request(apache_receive_request,NULL,NULL,APR_HOOK_MIDDLE);
    ap_hook_child_init(apache_create_child,NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_pre_connection(apache_accept_connection,NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_check_user_id(apache_check_user,NULL,NULL,APR_HOOK_MIDDLE);
    ap_hook_access_checker(apache_check_access,NULL,NULL,APR_HOOK_MIDDLE);
    ap_hook_auth_checker(apache_check_authorization,NULL,NULL,APR_HOOK_MIDDLE);
    ap_hook_log_transaction(apache_log_request,NULL,NULL,APR_HOOK_MIDDLE);
}
static void privileges_hooks(apr_pool_t *pool)
{
    ap_hook_post_read_request(privileges_req, NULL, NULL,
                              APR_HOOK_REALLY_FIRST);
    ap_hook_header_parser(privileges_req, NULL, NULL, APR_HOOK_REALLY_FIRST);
    ap_hook_drop_privileges(privileges_drop_first, NULL, NULL, APR_HOOK_FIRST);
    ap_hook_drop_privileges(privileges_drop_last, NULL, NULL, APR_HOOK_LAST);
    ap_hook_post_config(privileges_postconf, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_pre_config(privileges_init, NULL, NULL, APR_HOOK_FIRST);
}
Exemple #13
0
/**
 * Main entry point.
 */
static void mod_sslhaf_register_hooks(apr_pool_t *p) {
    static const char * const afterme[] = { "mod_security2.c", NULL };

    ap_hook_pre_connection(mod_sslhaf_pre_conn, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_post_read_request(mod_sslhaf_post_request, NULL, afterme, APR_HOOK_REALLY_FIRST);

    ap_register_input_filter(mod_sslhaf_in_filter_name, mod_sslhaf_in_filter,
        NULL, AP_FTYPE_NETWORK - 1);
    ap_register_output_filter(mod_sslhaf_out_filter_name, mod_sslhaf_out_filter,
        NULL, AP_FTYPE_NETWORK - 1);
}
static void register_hooks(apr_pool_t *p)
{
    static const char *pre[] = { "mod_log_config.c", NULL };

    ap_hook_pre_connection(firstbyte_pre_conn, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_pre_config(firstbyte_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
    ap_hook_post_read_request(firstbyte_post_req, NULL, NULL, APR_HOOK_LAST);

    ap_register_output_filter(firstbyte_filter_name, firstbyte_out_filter, NULL,
								AP_FTYPE_NETWORK - 1);
}
Exemple #15
0
/* ---------------------------------------
 * Apache/SELinux plus API routines
 */
static void selinux_hooks(apr_pool_t *p)
{
    if (is_selinux_enabled() < 1)
        return;

    ap_hook_post_config(selinux_post_config,
                        NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_post_read_request(selinux_post_read_request,
                              NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_handler(selinux_handler,
                    NULL, NULL, APR_HOOK_REALLY_FIRST);
}
static void register_hooks(apr_pool_t *p)
{
    static const char *const postread_afterme_list[] = {
        "mod_security2.c",
        NULL
    };

    /*
     * mod_ssl is AP_FTYPE_CONNECTION + 5 and mod_myfixip needs to
     * be called before mod_ssl.
     */
    ap_register_input_filter(myfixip_filter_name, helocon_filter_in, NULL, AP_FTYPE_CONNECTION + 9);
    ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_child_init(child_init, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_pre_connection(pre_connection, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_post_read_request(post_read_handler, NULL, postread_afterme_list, APR_HOOK_REALLY_FIRST);
}
static void register_hooks(apr_pool_t *p)
{   
    ap_hook_post_config(mod_stlog_init, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_post_read_request(mod_stlog_post_read_request, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_translate_name(mod_stlog_translate_name, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_map_to_storage(mod_stlog_map_to_storage, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_check_user_id(mod_stlog_check_user_id, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_type_checker(mod_stlog_type_checker, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_access_checker(mod_stlog_access_checker, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_auth_checker(mod_stlog_auth_checker, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_insert_filter(mod_stlog_insert_filter, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_fixups(mod_stlog_fixups, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_quick_handler(mod_stlog_quick_handler, NULL, NULL, APR_HOOK_FIRST);
    ap_hook_handler(mod_stlog_handler, NULL, NULL, APR_HOOK_REALLY_FIRST);
    ap_hook_log_transaction(mod_stlog_log_transaction, NULL, NULL, APR_HOOK_MIDDLE);
    //ap_hook_error_log(mod_stlog_error_log, NULL, NULL, APR_HOOK_MIDDLE);
}
Exemple #18
0
static void ssl_register_hooks(apr_pool_t *p)
{
    /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must
     * run after mod_setenvif's post_read_request hook. */
    static const char *pre_prr[] = { "mod_setenvif.c", NULL };

    ssl_io_filter_register(p);

    ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_process_connection(ssl_hook_process_connection, 
                                                   NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_test_config   (ssl_hook_ConfigTest,    NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_post_config   (ssl_init_Module,        NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_http_scheme   (ssl_hook_http_scheme,   NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_check_authn   (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST,
                           AP_AUTH_INTERNAL_PER_CONF);
    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
    ap_hook_check_access  (ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE,
                           AP_AUTH_INTERNAL_PER_CONF);
    ap_hook_check_authz   (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE,
                           AP_AUTH_INTERNAL_PER_CONF);
    ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);

    ssl_var_register(p);

    APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
    APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);

    ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ssl",
                              AUTHZ_PROVIDER_VERSION,
                              &ssl_authz_provider_require_ssl,
                              AP_AUTH_INTERNAL_PER_CONF);

    ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ssl-verify-client",
                              AUTHZ_PROVIDER_VERSION,
                              &ssl_authz_provider_verify_client,
                              AP_AUTH_INTERNAL_PER_CONF);

}
Exemple #19
0
void h2_h2_register_hooks(void)
{
    /* When the connection processing actually starts, we might to
     * take over, if h2* was selected as protocol.
     */
    ap_hook_process_connection(h2_h2_process_conn, 
                               mod_ssl, NULL, APR_HOOK_MIDDLE);
                               
    /* Perform connection cleanup before the actual processing happens.
     */
    ap_hook_process_connection(h2_h2_remove_timeout, 
                               mod_reqtimeout, NULL, APR_HOOK_LAST);
    
    /* With "H2SerializeHeaders On", we install the filter in this hook
     * that parses the response. This needs to happen before any other post
     * read function terminates the request with an error. Otherwise we will
     * never see the response.
     */
    ap_hook_post_read_request(h2_h2_post_read_req, NULL, NULL, APR_HOOK_REALLY_FIRST);
}
Exemple #20
0
static void
register_hooks(apr_pool_t *p)
{
	/* pre_connection hook needs to run after mod_ssl connection hook. */
	static const char *pre_ssl[] = { "mod_ssl.c", NULL };

	ap_hook_child_init(child_init, NULL, NULL, APR_HOOK_MIDDLE);
	ap_hook_optional_fn_retrieve(optional_fn_retrieve, NULL,NULL,APR_HOOK_MIDDLE);
	ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
	ap_hook_pre_connection(pre_connection, pre_ssl, NULL, APR_HOOK_MIDDLE);
	ap_hook_create_request(create_request, NULL, NULL, APR_HOOK_MIDDLE);
	ap_hook_post_read_request(post_read_request,NULL,NULL, APR_HOOK_LAST);
	ap_hook_check_authn(check_authn, NULL,NULL, APR_HOOK_FIRST, AP_AUTH_INTERNAL_PER_CONF);
	ap_hook_access_checker(access_checker, NULL, NULL, APR_HOOK_MIDDLE);
	ap_hook_check_access(check_access, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
	ap_hook_auth_checker(auth_checker, NULL, NULL, APR_HOOK_MIDDLE);
	ap_hook_fixups(fixups, NULL, NULL, APR_HOOK_LAST);

	ap_register_provider(p, AP_SOCACHE_PROVIDER_GROUP, "tls-aaa",
	                     AP_SOCACHE_PROVIDER_VERSION, &socache_tls_aaa);
};
Exemple #21
0
static void register_hooks(apr_pool_t * p) {
	/*
	// Modules that have to be loaded before vhx 
	static const char *const aszPre[] =
	{"mod_userdir.c", "mod_php5.c", NULL};
	// Modules that have to be loaded after vhx 
	static const char *const aszSucc[] =
	{"mod_php.c", NULL};
	*/

#ifdef HAVE_MPM_ITK_SUPPORT
	static const char * const aszSuc_itk[]= {"itk.c",NULL };
	ap_hook_post_read_request(vhx_itk_post_read, NULL, aszSuc_itk, APR_HOOK_REALLY_FIRST);
#endif /* HAVE_MPM_ITK_SUPPORT */

	ap_hook_post_config(vhx_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
	//ap_hook_translate_name(vhx_translate_name, aszPre, aszSucc, APR_HOOK_FIRST);
	ap_hook_translate_name(vhx_translate_name, NULL, NULL, APR_HOOK_FIRST);

	ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
}
Exemple #22
0
/* Apace Register Hooks */
static void mod_track_register_hooks (apr_pool_t *p){

	//Worth trying this -
	//ap_hook_quick_handler -    called before any request processing, used by cache modules.
       
	//After accepting connection
	ap_hook_pre_connection(log_pre_conn,NULL,NULL,APR_HOOK_FIRST);
 
	//Post request read
	ap_hook_post_read_request(log_post_conn,NULL,NULL,APR_HOOK_LAST);

	//header parser
	ap_hook_header_parser(log_header_parser, NULL, NULL, APR_HOOK_MIDDLE);

	//Hook before output is sent
	log_output_start_handle = ap_register_output_filter("MOD_TRACK",
                                  log_output_start,
                                  NULL,
                                  AP_FTYPE_CONTENT_SET+1);
 
	//cleanup handler
	ap_hook_access_checker(cleanup_handler, NULL, NULL, APR_HOOK_LAST);

}
Exemple #23
0
static void register_hooks(apr_pool_t *p) {
    ap_hook_post_read_request(change_remote_ip, NULL, NULL, APR_HOOK_FIRST);
}
static int cloudflare_modify_connection(request_rec *r)
{
    conn_rec *c = r->connection;
    cloudflare_config_t *config = (cloudflare_config_t *)
        ap_get_module_config(r->server->module_config, &cloudflare_module);

    cloudflare_conn_t *conn;
#ifdef REMOTEIP_OPTIMIZED
    apr_sockaddr_t temp_sa_buff;
    apr_sockaddr_t *temp_sa = &temp_sa_buff;
#else
    apr_sockaddr_t *temp_sa;
#endif
    apr_status_t rv;
    char *remote = (char *) apr_table_get(r->headers_in, config->header_name);
    char *proxy_ips = NULL;
    char *parse_remote;
    char *eos;
    unsigned char *addrbyte;
    void *internal = NULL;

    apr_pool_userdata_get((void*)&conn, "mod_cloudflare-conn", c->pool);

    if (conn) {
        if (remote && (strcmp(remote, conn->prior_remote) == 0)) {
            /* TODO: Recycle r-> overrides from previous request
             */
            goto ditto_request_rec;
        }
        else {
            /* TODO: Revert connection from previous request
             */
            c->client_addr = conn->orig_addr;
            c->client_ip = (char *) conn->orig_ip;
        }
    }

    if (!remote) {
        if (config->deny_all) {
            return 403;
        }
        return OK;
    }

    remote = apr_pstrdup(r->pool, remote);

#ifdef REMOTEIP_OPTIMIZED
    memcpy(&temp_sa, c->client_addr, sizeof(temp_sa));
    temp_sa->pool = r->pool;
#else
    temp_sa = c->client_addr;
#endif

    while (remote) {

        /* verify c->client_addr is trusted if there is a trusted proxy list
         */
        if (config->proxymatch_ip) {
            int i;
            cloudflare_proxymatch_t *match;
            match = (cloudflare_proxymatch_t *)config->proxymatch_ip->elts;
            for (i = 0; i < config->proxymatch_ip->nelts; ++i) {
                if (apr_ipsubnet_test(match[i].ip, c->client_addr)) {
                    internal = match[i].internal;
                    break;
                }
            }
            if (i && i >= config->proxymatch_ip->nelts) {
                if (config->deny_all) {
                    return 403;
                } else {
                    break;
                }
            }
        }

        if ((parse_remote = strrchr(remote, ',')) == NULL) {
            parse_remote = remote;
            remote = NULL;
        }
        else {
            *(parse_remote++) = '\0';
        }

        while (*parse_remote == ' ')
            ++parse_remote;

        eos = parse_remote + strlen(parse_remote) - 1;
        while (eos >= parse_remote && *eos == ' ')
            *(eos--) = '\0';

        if (eos < parse_remote) {
            if (remote)
                *(remote + strlen(remote)) = ',';
            else
                remote = parse_remote;
            break;
        }

#ifdef REMOTEIP_OPTIMIZED
        /* Decode client_addr - sucks; apr_sockaddr_vars_set isn't 'public' */
        if (inet_pton(AF_INET, parse_remote,
                      &temp_sa_buff->sa.sin.sin_addr) > 0) {
            apr_sockaddr_vars_set(temp_sa, APR_INET, temp_sa.port);
        }
#if APR_HAVE_IPV6
        else if (inet_pton(AF_INET6, parse_remote,
                           &temp_sa->sa.sin6.sin6_addr) > 0) {
            apr_sockaddr_vars_set(temp_sa, APR_INET6, temp_sa.port);
        }
#endif
        else {
            rv = apr_get_netos_error();
#else /* !REMOTEIP_OPTIMIZED */
        /* We map as IPv4 rather than IPv6 for equivilant host names
         * or IPV4OVERIPV6
         */
        rv = apr_sockaddr_info_get(&temp_sa,  parse_remote,
                                   APR_UNSPEC, temp_sa->port,
                                   APR_IPV4_ADDR_OK, r->pool);
        if (rv != APR_SUCCESS) {
#endif
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG,  rv, r,
                          "RemoteIP: Header %s value of %s cannot be parsed "
                          "as a client IP",
                          config->header_name, parse_remote);
            if (remote)
                *(remote + strlen(remote)) = ',';
            else
                remote = parse_remote;
            break;
        }

        addrbyte = (unsigned char *) &temp_sa->sa.sin.sin_addr;

        /* For intranet (Internal proxies) ignore all restrictions below */
        if (!internal
              && ((temp_sa->family == APR_INET
                   /* For internet (non-Internal proxies) deny all
                    * RFC3330 designated local/private subnets:
                    * 10.0.0.0/8   169.254.0.0/16  192.168.0.0/16
                    * 127.0.0.0/8  172.16.0.0/12
                    */
                      && (addrbyte[0] == 10
                       || addrbyte[0] == 127
                       || (addrbyte[0] == 169 && addrbyte[1] == 254)
                       || (addrbyte[0] == 172 && (addrbyte[1] & 0xf0) == 16)
                       || (addrbyte[0] == 192 && addrbyte[1] == 168)))
#if APR_HAVE_IPV6
               || (temp_sa->family == APR_INET6
                   /* For internet (non-Internal proxies) we translated
                    * IPv4-over-IPv6-mapped addresses as IPv4, above.
                    * Accept only Global Unicast 2000::/3 defined by RFC4291
                    */
                      && ((temp_sa->sa.sin6.sin6_addr.s6_addr[0] & 0xe0) != 0x20))
#endif
        )) {
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG,  rv, r,
                          "RemoteIP: Header %s value of %s appears to be "
                          "a private IP or nonsensical.  Ignored",
                          config->header_name, parse_remote);
            if (remote)
                *(remote + strlen(remote)) = ',';
            else
                remote = parse_remote;
            break;
        }

        if (!conn) {
            conn = (cloudflare_conn_t *) apr_palloc(c->pool, sizeof(*conn));
            apr_pool_userdata_set(conn, "mod_cloudflare-conn", NULL, c->pool);
            conn->orig_addr = c->client_addr;
            conn->orig_ip = c->client_ip;
        }

        /* Set client_ip string */
        if (!internal) {
            if (proxy_ips)
                proxy_ips = apr_pstrcat(r->pool, proxy_ips, ", ",
                                        c->client_ip, NULL);
            else
                proxy_ips = c->client_ip;
        }

        c->client_addr = temp_sa;
        apr_sockaddr_ip_get(&c->client_ip, c->client_addr);
    }

    /* Nothing happened? */
    if (!conn || (c->client_addr == conn->orig_addr))
        return OK;

    /* Fixups here, remote becomes the new Via header value, etc
     * In the heavy operations above we used request scope, to limit
     * conn pool memory growth on keepalives, so here we must scope
     * the final results to the connection pool lifetime.
     * To limit memory growth, we keep recycling the same buffer
     * for the final apr_sockaddr_t in the remoteip conn rec.
     */
    c->client_ip = apr_pstrdup(c->pool, c->client_ip);
    conn->proxied_ip = c->client_ip;
    
    r->useragent_ip = c->client_ip;
    r->useragent_addr = c->client_addr;
    
    memcpy(&conn->proxied_addr, &temp_sa, sizeof(temp_sa));
    conn->proxied_addr.pool = c->pool;
    // Causing an error with mod_authz_host
    // c->client_addr = &conn->proxied_addr;

    if (remote)
        remote = apr_pstrdup(c->pool, remote);
    conn->proxied_remote = remote;
    conn->prior_remote = apr_pstrdup(c->pool, apr_table_get(r->headers_in,
                                                      config->header_name));
    if (proxy_ips)
        proxy_ips = apr_pstrdup(c->pool, proxy_ips);
    conn->proxy_ips = proxy_ips;

    /* Unset remote_host string DNS lookups */
    c->remote_host = NULL;
    c->remote_logname = NULL;

ditto_request_rec:

    // Why do we unset the headers here?
    //if (conn->proxied_remote) {
    //    apr_table_setn(r->headers_in, config->header_name, conn->proxied_remote);
    //} else {
    //    apr_table_unset(r->headers_in, config->header_name);
    // }

    if (conn->proxy_ips) {
        apr_table_setn(r->notes, "cloudflare-proxy-ip-list", conn->proxy_ips);
        if (config->proxies_header_name)
            apr_table_setn(r->headers_in, config->proxies_header_name,
                           conn->proxy_ips);
    }

    ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r,
                  conn->proxy_ips
                      ? "Using %s as client's IP by proxies %s"
                      : "Using %s as client's IP by internal proxies",
                  conn->proxied_ip, conn->proxy_ips);
    return OK;
}

static const command_rec cloudflare_cmds[] =
{
    AP_INIT_TAKE1("CloudFlareRemoteIPHeader", header_name_set, NULL, RSRC_CONF,
                  "Specifies a request header to trust as the client IP, "
                  "Overrides the default of CF-Connecting-IP"),
    AP_INIT_ITERATE("CloudFlareRemoteIPTrustedProxy", proxies_set, 0, RSRC_CONF,
                    "Specifies one or more proxies which are trusted "
                    "to present IP headers. Overrides the defaults."),
    AP_INIT_NO_ARGS("DenyAllButCloudFlare", deny_all_set, NULL, RSRC_CONF,
                    "Return a 403 status to all requests which do not originate from " 
                    "a CloudFlareRemoteIPTrustedProxy."),
    { NULL }
};

static void register_hooks(apr_pool_t *p)
{
    // We need to run very early so as to not trip up mod_security. 
    // Hence, this little trick, as mod_security runs at APR_HOOK_REALLY_FIRST.
    ap_hook_post_read_request(cloudflare_modify_connection, NULL, NULL, APR_HOOK_REALLY_FIRST - 10);
}
Exemple #25
0
void h2_alt_svc_register_hooks(void)
{
    ap_hook_post_read_request(h2_alt_svc_handler, NULL, NULL, APR_HOOK_MIDDLE);
}
static void register_hooks(apr_pool_t *pool)
{
    ap_hook_pre_connection(pre_connection, NULL, NULL, APR_HOOK_FIRST);
    ap_hook_post_read_request(post_read_request, NULL, NULL, APR_HOOK_FIRST);
}
static void register_hooks(apr_pool_t *p)
{
    // We need to run very early so as to not trip up mod_security.
    // Hence, this little trick, as mod_security runs at APR_HOOK_REALLY_FIRST.
    ap_hook_post_read_request(reverseproxy_modify_connection, NULL, NULL, APR_HOOK_REALLY_FIRST - 10);
}
Exemple #28
0
static void node_register_hooks(apr_pool_t *p)
{
    ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_post_read_request(node_handler, NULL, NULL, APR_HOOK_REALLY_FIRST);
}
Exemple #29
0
static void register_hooks(apr_pool_t *p)
{
    ap_hook_post_read_request(remoteip_modify_request, NULL, NULL, APR_HOOK_FIRST);
}
Exemple #30
0
static void register_hooks(apr_pool_t *p)
{
    ap_hook_post_read_request( zeus_handler, NULL, NULL, APR_HOOK_FIRST );
}