-const char loaders_rcs[] = "$Id: loaders.c,v 1.67 2008/03/30 14:52:08 fabiankeil Exp $";
+const char loaders_rcs[] = "$Id: loaders.c,v 1.68 2008/09/19 15:26:28 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/loaders.c,v $
*
* Revisions :
* $Log: loaders.c,v $
+ * Revision 1.68 2008/09/19 15:26:28 fabiankeil
+ * Add change-x-forwarded-for{} action to block or add
+ * X-Forwarded-For headers. Mostly based on code removed
+ * before 3.0.7.
+ *
* Revision 1.67 2008/03/30 14:52:08 fabiankeil
* Rename load_actions_file() and load_re_filterfile()
* as they load multiple files "now".
freez(csp->ip_addr_str);
freez(csp->iob->buf);
- freez(csp->x_forwarded_for);
freez(csp->error_message);
if (csp->action->flags & ACTION_FORWARD_OVERRIDE &&
-const char parsers_rcs[] = "$Id: parsers.c,v 1.141 2008/09/19 15:26:28 fabiankeil Exp $";
+const char parsers_rcs[] = "$Id: parsers.c,v 1.142 2008/09/20 10:04:33 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/parsers.c,v $
*
* Revisions :
* $Log: parsers.c,v $
+ * Revision 1.142 2008/09/20 10:04:33 fabiankeil
+ * Remove hide-forwarded-for-headers action which has
+ * been obsoleted by change-x-forwarded-for{block}.
+ *
* Revision 1.141 2008/09/19 15:26:28 fabiankeil
* Add change-x-forwarded-for{} action to block or add
* X-Forwarded-For headers. Mostly based on code removed
{
if (0 != (csp->action->flags & ACTION_CHANGE_X_FORWARDED_FOR))
{
- const char *param = csp->action->string[ACTION_STRING_CHANGE_X_FORWARDED_FOR];
+ const char *parameter = csp->action->string[ACTION_STRING_CHANGE_X_FORWARDED_FOR];
- if (0 == strcmpic(param, "block"))
+ if (0 == strcmpic(parameter, "block"))
{
freez(*header);
log_error(LOG_LEVEL_HEADER, "crunched x-forwarded-for!");
}
- else if (0 == strcmpic(param, "add"))
+ else if (0 == strcmpic(parameter, "add"))
{
- /* Save it so we can re-add it later */
- freez(csp->x_forwarded_for);
- csp->x_forwarded_for = *header;
+ string_append(header, ", ");
+ string_append(header, csp->ip_addr_str);
- /*
- * Always set *header = NULL, since this information
- * will be sent at the end of the header.
- */
- *header = NULL;
+ if (*header == NULL)
+ {
+ return JB_ERR_MEMORY;
+ }
+ log_error(LOG_LEVEL_HEADER,
+ "Appended client IP address to %s", *header);
+ csp->flags |= CSP_FLAG_X_FORWARDED_FOR_APPENDED;
}
}
char *header = NULL;
jb_err err;
- if (!((csp->action->flags & ACTION_CHANGE_X_FORWARDED_FOR) &&
- (0 == strcmpic(csp->action->string[ACTION_STRING_CHANGE_X_FORWARDED_FOR], "add"))))
+ if (!((csp->action->flags & ACTION_CHANGE_X_FORWARDED_FOR)
+ && (0 == strcmpic(csp->action->string[ACTION_STRING_CHANGE_X_FORWARDED_FOR], "add")))
+ || (csp->flags & CSP_FLAG_X_FORWARDED_FOR_APPENDED))
{
+ /*
+ * If we aren't adding X-Forwarded-For headers,
+ * or we already appended an existing X-Forwarded-For
+ * header, there's nothing left to do here.
+ */
return JB_ERR_OK;
}
- if (csp->x_forwarded_for)
- {
- header = strdup(csp->x_forwarded_for);
- string_append(&header, ", ");
- }
- else
- {
- header = strdup("X-Forwarded-For: ");
- }
+ header = strdup("X-Forwarded-For: ");
string_append(&header, csp->ip_addr_str);
if (header == NULL)
#ifndef PROJECT_H_INCLUDED
#define PROJECT_H_INCLUDED
/** Version string. */
-#define PROJECT_H_VERSION "$Id: project.h,v 1.118 2008/09/19 15:26:29 fabiankeil Exp $"
+#define PROJECT_H_VERSION "$Id: project.h,v 1.119 2008/09/20 10:04:33 fabiankeil Exp $"
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/project.h,v $
*
* Revisions :
* $Log: project.h,v $
+ * Revision 1.119 2008/09/20 10:04:33 fabiankeil
+ * Remove hide-forwarded-for-headers action which has
+ * been obsoleted by change-x-forwarded-for{block}.
+ *
* Revision 1.118 2008/09/19 15:26:29 fabiankeil
* Add change-x-forwarded-for{} action to block or add
* X-Forwarded-For headers. Mostly based on code removed
*/
#define CSP_FLAG_NO_FILTERING 0x00000400UL
+/**
+ * Flag for csp->flags: Set the client IP has appended to
+ * an already existing X-Forwarded-For header in which case
+ * no new header has to be generated.
+ */
+#define CSP_FLAG_X_FORWARDED_FOR_APPENDED 0x00000800UL
/*
* Flags for use in return codes of child processes
/** MIME-Type key, see CT_* above */
unsigned int content_type;
- /** The "X-Forwarded-For:" header sent by the client */
- /*
- * XXX: this is a hack that causes problems if
- * there's more than one X-Forwarded-For header.
- */
- char *x_forwarded_for;
-
/** Actions files associated with this client */
struct file_list *actions_list[MAX_AF_FILES];