Apache2-xForwardedFor
1 match

 view release on metacpan or  search on metacpan

lib/Apache2/xForwardedFor.pm  view on Meta::CPAN 

    $VERSION= '0.04';
}

use Apache2::Const qw(:common);

sub handler {
	my 	( $r )= shift;
	return DECLINED if $r->uri eq '/favicon.ico';
	DEBUG && print STDERR "\n============================ Apache2::xForwardedFor";

	my 	$x_forwarded_for__header_name= $r->dir_config->get('xForwardedForAlternateHeaderName') || 'X-Forwarded-For' ;
	my 	$require_header= $r->dir_config->get('xForwardedForRequire') || undef;
	
	# for testing purposes, toss in a local header value
	TEST && $r->headers_in->set( $x_forwarded_for__header_name=> '10.0.1.140' );
	my 	$x_forwarded_for__header_value= $r->headers_in->{ $x_forwarded_for__header_name };

	# if we are requiring a header to be sent, and its not there, fail immediately
	if ( $require_header ) {
		DEBUG && print STDERR "\nRequire: true";
		if ( !$x_forwarded_for__header_value ) {

lib/Apache2/xForwardedFor.pm  view on Meta::CPAN 

        DEBUG && print STDERR "\n no ip change";
    }

	# stacked handlers should still run off this
	return OK;
};

=head1 NAME

Apache2::xForwardedFor - Re-set remote_ip to incoming client's ip when running mod_perl behind a reverse proxy server. 
In other words, copy the first IP from B<X-Forwarded-For> header, which was set by your reverse proxy server, 
to the B<remote_ip> connection property.

=head1 SYNOPSIS

  in httpd.conf

    PerlModule Apache2::xForwardedFor
	PerlSetVar  xForwardedForRequire 1
	PerlSetVar  xForwardedForAccept 192.168.1.1
	PerlAddVar  xForwardedForAccept 192.168.1.2

lib/Apache2/xForwardedFor.pm  view on Meta::CPAN 

At this time you simply need to load the module and add it to the PerlPostReadRequestHandler phase of your mod_perl-enabled httpd, and set a few variables.

Apache2::xForwardedFor is really flexible and does some very odd ( but neat! ) things 

Set some variables in httpd.conf, and that's it

=head1 DESCRIPTION

Apache2::xForwardedFor will let you do all this neat stuff

  migrate X-Forwarded-For headers into $c->remote_ip for proxied requests
  specify which reverse proxy servers your mod_perl app serves to using:
     a list of IPs you allow
     a list of IPs you prohibit
     a secondary header of your choice, with a set value , inserted by the reverse proxy

This allows you to limit which hosts Apache serves content to ( in a rather flexible manner ), with just a few simple settings.

=head2 Variables

=head3 xForwardedForAlternateHeaderName

should you want to receive the X-Forwarded-For info from the proxy server on another ip, the name of it would be the value of this variable.

=head3 xForwardedForRequire

require the X-Forwarded-For header (or alternate name).  return FORBIDDEN otherwise

Why would you do this?  So that by default you can use either access apache through the proxy or directly.  This is FALSE by default, if someone wants to patch to be TRUE by default, send it my way. 

=head3 xForwardedForRequireHeaderName

should you require an additional header, this is the name of it.

Why would you do this?  Maybe you don't trust your gateway/proxy admin to be filtering headers correctly.  So you want to put a hash or an internal lan marking on internal requests.

=head3 xForwardedForRequireHeaderValue



( run in 0.368 second using v1.01-cache-2.11-cpan-26ccb49234f )