Roxen Mailing List Mirror

roxen.lists.roxen.general

Subject	Author	Date
first try module sometimes skipped	Eiichiro ITANI <emu[at]ceres[dot]dti[dot]ne[dot]jp>	05-09-2007
Hi. I'm running Roxen 4.5.146 servers behind reverse proxy(squid). Normally, remote ip address of requests are always RP's IP(192.168.10.1, on my site). So I wrote FIRST TRY module which rewrite id->remoteaddr with address supplied by "x-forwarded-for" header, attatched below. My module works correct most times, but sometimes conversion never occur. When it happens, it seems my first try module just skipped. I find it by no "rp_trans" DWERR message found in server log. I guess it has something to do with keep-alive connection, but I can't see how to solve this problem. Could you tell me how to fix this? Where in request path to put this kind of module? -- Eiichiro ITANI ----x8--------x8--------x8--------x8--------x8--------x8---- // reverse proxy transparentize FIRST TRY module. inherit "module"; constant cvs_version = "0.01 rp_trans.pike,v 0,1(Not cvs managed)"; constant thread_safe = 1; constant module_type = MODULE_FIRST; constant module_name = "rp_trans"; constant module_doc = "Using x-forwaded-for and remote_ip, transparentize reverse proxy host."; #define DWERR(X) werror("rp_trans: "+X+"\n") //define DWERR(X) void create() { defvar("throughhosts",Variable.StringList((),0,"Concerned as Reverse Proxy IP-Addr", "Matching IP address will be concerned as" "Reverse Proxy host. If remote address matches this," "x-forwaded-for Header will treated as remote address.")); } void first_try(RequestID id) { array(string) through = query("throughhosts"); array(string) squid_format; string remote = ""; // DWERR(id->method + " " + (string)id->raw_url + " " + (string)id->prot + "\n"); foreach (through, string rip) { if (id->remoteaddr == rip) { if (id->request_headers["x-forwarded-for"]) { if (arrayp(id->request_headers["x-forwarded-for"])) { remote = id->request_headers["x-forwarded-for"][0]; } else { squid_format = id->request_headers["x-forwarded-for"] / ", "; remote = squid_format[-1]; } // DWERR(sprintf("%s",rip+" "+remote)); } } } id->client_var["rp_trans_conn_port"] = (string)id->port_obj->port; if (remote != "") { id->misc["rp_trans"] = id->remoteaddr; id->client_var["rp_trans_converted"] = id->remoteaddr; id->remoteaddr = remote; id->client_var["ip"] = remote; } if (id->remoteaddr == "192.168.10.1") { string full_header = id->method + " " + (string)id->raw_url + " " + (string)id->prot + "\n"; foreach (indices(id->request_headers),string headers) { full_header += "\t" + headers + ": " + id->request_headers[headers] + "\n"; } DWERR(full_header); } return; }

Subject

Author

Date

Eiichiro ITANI <emu[at]ceres[dot]dti[dot]ne[dot]jp>

05-09-2007

Hi.

I'm running Roxen 4.5.146 servers behind reverse proxy(squid).
Normally, remote ip address of requests are always RP's
IP(192.168.10.1, on my site).  So I wrote FIRST TRY module which
rewrite id->remoteaddr with address supplied by "x-forwarded-for"
header, attatched below.

My module works correct most times, but sometimes conversion never
occur.  When it happens, it seems my first try module just skipped.  I
find it by no "rp_trans" DWERR message found in server log.  I guess
it has something to do with keep-alive connection, but I can't see how
to solve this problem.

Could you tell me how to fix this?  Where in request path to put this
kind of module?

--
  Eiichiro ITANI


----x8--------x8--------x8--------x8--------x8--------x8----
// reverse proxy transparentize FIRST TRY module.

inherit "module";

constant cvs_version = "0.01 rp_trans.pike,v 0,1(Not cvs managed)";
constant thread_safe = 1;
constant module_type = MODULE_FIRST;
constant module_name = "rp_trans";
constant module_doc  = "Using x-forwaded-for and remote_ip, transparentize
reverse proxy host.";

#define DWERR(X) werror("rp_trans: "+X+"\n")
//define DWERR(X)
void create() {
  defvar("throughhosts",Variable.StringList((),0,"Concerned as Reverse Proxy
IP-Addr",
                                           "Matching IP address will be
concerned as"
                                           "Reverse Proxy host. If remote
address matches this,"
                                           "x-forwaded-for Header will treated
as remote address."));
}

void first_try(RequestID id) {

  array(string) through = query("throughhosts");
  array(string) squid_format;
  string remote = "";

  //  DWERR(id->method + " " + (string)id->raw_url + " " + (string)id->prot +
"\n");
  foreach (through, string rip) {
    if (id->remoteaddr == rip) {
      if (id->request_headers["x-forwarded-for"]) {
        if (arrayp(id->request_headers["x-forwarded-for"])) {
          remote = id->request_headers["x-forwarded-for"][0];
        } else {
          squid_format = id->request_headers["x-forwarded-for"] / ", ";
          remote = squid_format[-1];
        }
        //      DWERR(sprintf("%s",rip+" "+remote));
      }
    }
  }
  id->client_var["rp_trans_conn_port"] = (string)id->port_obj->port;
  if (remote != "") {
    id->misc["rp_trans"] = id->remoteaddr;
    id->client_var["rp_trans_converted"] = id->remoteaddr;
    id->remoteaddr = remote;
    id->client_var["ip"] = remote;
  }
  if (id->remoteaddr == "192.168.10.1") {
    string full_header = id->method + " " + (string)id->raw_url + " " +
(string)id->prot + "\n";
    foreach (indices(id->request_headers),string headers) {
      full_header += "\t" + headers + ": " + id->request_headers[headers] + "\n";
    }
    DWERR(full_header);
  }
  return;
}

Roxen & Pike List Archives

roxen.lists.roxen.general