From: Jan Kaluža Date: Tue, 30 Jun 2015 08:40:17 +0000 (+0000) Subject: mod_remoteip: Use r->useragent_addr as the root trusted address for verifying. X-Git-Tag: 2.5.0-alpha~3031 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd6c959b3625048ee15ba4ad72e6cb7bcaf91020;p=thirdparty%2Fapache%2Fhttpd.git mod_remoteip: Use r->useragent_addr as the root trusted address for verifying. This fixes issue resulting in setting of bad useragent_ip when internal redirection has been generated as response to the request (typically as result of "ErrorDocument 40x"). In this case, the original request has been handled by mod_remoteip and its useragent_ip has been changed properly, but when internal redirection to ErrorDocument has been generated later, the mod_remoteip's handler has been executed again with *the same* c->client_addr as in the original request. If c->client_addr IP is trusted, this results in bad useragent_ip being set. When using r->useragent_addr as the root trusted address instead of c->client_addr, the internal redirection uses the first non-trusted IP in this particular case, so it won't change the r->useragent_ip during the internal redirection to ErrorDocument. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1688399 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/metadata/mod_remoteip.c b/modules/metadata/mod_remoteip.c index 0a1dfac49dd..28e01df2976 100644 --- a/modules/metadata/mod_remoteip.c +++ b/modules/metadata/mod_remoteip.c @@ -255,7 +255,7 @@ static int remoteip_modify_request(request_rec *r) } remote = apr_pstrdup(r->pool, remote); - temp_sa = c->client_addr; + temp_sa = r->useragent_addr ? r->useragent_addr : c->client_addr; while (remote) {