git.ipfire.org Git - thirdparty/apache/httpd.git/commit

author	Jim Jagielski <jim@apache.org>
	Tue, 1 Nov 2016 11:55:34 +0000 (11:55 +0000)
committer	Jim Jagielski <jim@apache.org>
	Tue, 1 Nov 2016 11:55:34 +0000 (11:55 +0000)
commit	d0c4af10ab713734de906b5634cfc15cd370fdf4
tree	8f1314ac14b63457bbfd5a9dae809bf8e0798071	tree
parent	c32f066785861dc966bce724220b818bf182b264	commit \| diff

Merge r1688399 from trunk:

mod_remoteip: Use r->useragent_addr as the root trusted address for verifying.

This fixes issue resulting in setting of bad useragent_ip when internal
redirection has been generated as response to the request (typically as
result of "ErrorDocument 40x").

In this case, the original request has been handled by mod_remoteip and its
useragent_ip has been changed properly, but when internal redirection
to ErrorDocument has been generated later, the mod_remoteip's handler has been
executed again with *the same* c->client_addr as in the original request. If
c->client_addr IP is trusted, this results in bad useragent_ip being set.

When using r->useragent_addr as the root trusted address instead of
c->client_addr, the internal redirection uses the first non-trusted
IP in this particular case, so it won't change the r->useragent_ip during
the internal redirection to ErrorDocument.

Submitted by: jkaluza
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1767483 13f79535-47bb-0310-9956-ffa450edef68

CHANGES		diff \| blob \| blame \| history
STATUS		diff \| blob \| blame \| history
modules/metadata/mod_remoteip.c		diff \| blob \| blame \| history