Revision 20 (by ahitrov@rambler.ru, 2010/04/29 14:44:01) Дистрибутивы и модули
/* ====================================================================
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 2000 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Apache" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 * Portions of this software are based upon public domain software
 * originally written at the National Center for Supercomputing Applications,
 * University of Illinois, Urbana-Champaign.
 */

/* proxy_add_forward module
 *
 * This module adds a 'X-Forwarded-For' header to outgoing
 * proxy requests like Squid does.
 *
 * You can then get the client ip back on the "proxied host" by
 * setting r->connection->remote_ip from this header.
 *
 * Ask Bjoern Hansen <ask@netcetera.dk>, October 1998

 * Changes:
 *
 * April 12 2000: Changed the license to the ASF 1.1 license.
 *
 * April 12 2000: Made it so that we append our IP to an existing
 *                "X-Forwarded-For" line instead of clobbering an 
 *                existing one. - <ahosey@systhug.com>
 *
 * June   8 1999: Added instructions on how to compile it into the
 *                frontend apache
 *
 * April 12 1999: Changed the sample code so it doesn't confuse the
 *                C compiler, ydkhr! Thanks to Mike Whitaker for 
 *                noticing. 
 *
 * March  1 1999: Added sample code on how to use the header with
 *                mod_perl
 * 

To use the module you have to compile it into the frontend part of
your server, I usually copy the module to apache-1.3/src/modules/extra/
and use APACI like:

  ./configure --prefix=/usr/local/apache \
     --activate-module=src/modules/extra/mod_proxy_add_forward.c \
     --enable-module=proxy_add_forward [... more apaci options ...]    

You should also be able to compile and use this module as a
dynamically loaded module (DSO).
 
TMTOWTDI, but I usually make the 'backend' part of the system
something like the following:

in startup.pl:

  sub My::ProxyRemoteAddr ($) {
    my $r = shift;

	# we'll only look at the X-Forwarded-For header if the requests
	# comes from our proxy at localhost
	return OK unless ($r->connection->remote_ip eq "127.0.0.1");

	if (my ($ip) = $r->header_in('X-Forwarded-For') =~ /([^,\s]+)$/) {
	  $r->connection->remote_ip($ip);
	}
	
	return OK;
  }

And in httpd.conf:

  PerlPostReadRequestHandler My::ProxyRemoteAddr
 
 */


#include "httpd.h"
#include "http_config.h"
#include "http_core.h"

module MODULE_VAR_EXPORT proxy_add_forward_module;

static int add_forward_header(request_rec *r)
{
    const char *oldvalue;

    if (r->proxyreq) {
	/* If there is an existing header, append our IP to that. */
	if (oldvalue = ap_table_get(r->headers_in, "X-Forwarded-For")) {
	    ap_table_set(r->headers_in, "X-Forwarded-For",
			 ap_pstrcat(r->pool, oldvalue, ", ", 
				    r->connection->remote_ip, NULL));
	}
	else {
	    ap_table_set(r->headers_in, "X-Forwarded-For",
			 r->connection->remote_ip);
	}
	return OK;
    }
    return DECLINED;
}

module MODULE_VAR_EXPORT proxy_add_forward_module = {
    STANDARD_MODULE_STUFF,
    NULL,                       /* initializer */
    NULL,                       /* dir config creater */
    NULL,                       /* dir merger --- default is to override */
    NULL,                       /* server config */
    NULL,                       /* merge server configs */
    NULL,                       /* command table */
    NULL,                       /* handlers */
    NULL,                       /* filename translation */
    NULL,                       /* check_user_id */
    NULL,                       /* check auth */
    NULL,                       /* check access */
    NULL,                       /* type_checker */
    add_forward_header,         /* fixups */
    NULL,                       /* logger */
    NULL,                       /* header parser */
    NULL,                       /* child_init */
    NULL,                       /* child_exit */
    NULL                        /* post read-request */
};