The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1] 2   Go Down

Author Topic: mod_rpaf  (Read 14715 times)

Sob

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 72
mod_rpaf
« on: September 11, 2010, 06:34:25 PM »

I have one tip for useful module for your collection on download page - mod_rpaf.

When I needed to share one IP address for multiple physical webservers, it was easily solved using proxy/load balancer. But I just hated the loss of real client addresses visible to webservers. Everything had proxy address as source. I could get the real addresses from X-Forwarded-For header in php, but that wasn't solution for other things like mod_geoip or httpd logs. "Someone must have already solved this" I though and I was right.

Source can be found at http://stderr.net/apache/rpaf/

And compilation is quick and easy:

Code: [Select]
cl.exe /MD /W3 /O2 /D WIN32 /D NDEBUG -I"c:\Apache22\include" -c mod_rpaf-2.0.c
link.exe /dll /machine:AMD64 /OUT:mod_rpaf.so /libpath:"c:\Apache22\lib" mod_rpaf-2.0.obj libapr-1.lib libhttpd.lib ws2_32.lib

I used 32-bit version without any problems for about six months and now 64-bit version for about two weeks.

I wasn't able to find Windows x64 binary anywhere, Apache Haus can be first if you want. :)
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 833
Re: mod_rpaf
« Reply #1 on: September 12, 2010, 07:36:29 PM »

I'm game, I'm just trying to understand how to configure it since I will have to show a sample config in the readme to put with it, over and above what I'm seeing on that page.

I guess I could play with a win32 build with one domain since I do have the Atom with 2.3.8 on it exposed, as well as my server. Unfortunately I would want to use it as the front end and I have had no luck getting any 3rd party module to load on the alpha.

@Mario, thoughts?
Logged

Sob

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 72
Re: mod_rpaf
« Reply #2 on: September 12, 2010, 09:47:19 PM »

You just load the module into backend server and configuration is very easy:

RPAFenable On/Off - No description necessary.
RPAFproxy_ips a.a.a.a b.b.b.b c.c.c.c - IP(s) of proxy servers sending the requests, client IP will be rewritten only for requests coming from these IPs, not for others, because headers from elsewhere could be forged.
RPAFheader X-Forwarded-For - Name of header to take the client IP from.
RPAFsethostname On/Off - If enabled, it will set the Host header of the request to value from X-Forwarded-Host or X-Host header. It must be enabled if backend server is configured for virtual hosts and real hostnames that clients request and proxy does not just pass Host header. I use Pound (http://www.apsis.ch/pound/) and it doesn't need it, because it passes Host header from client request. If I understand it correctly (I didn't test it), it's needed for proxies created using mod_proxy, because they send address/hostname of configured backend server in Host header and hostname requested by client is in X-Forwarded-Host or X-Host depending on version.
Logged

Sob

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 72
Re: mod_rpaf
« Reply #3 on: September 12, 2010, 10:43:27 PM »

And btw, I just tried the module with your 2.3.8-alpha x64 and it seems to work fine.
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 575
Re: mod_rpaf
« Reply #4 on: September 13, 2010, 11:00:14 AM »


@Mario, thoughts?

Well I can try on my w2k8r2 server. I gonna play with it a bit.
_____________________________
Update:

So this works mostly like a proxy chain??

client<---->apache_with_rpaf<---->real_proxy

Is that correct?
« Last Edit: September 13, 2010, 11:45:50 AM by mario »
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 575
Re: mod_rpaf
« Reply #5 on: September 13, 2010, 11:16:32 AM »

Building went very smooth  :)

But I added
Code: [Select]
MT -manifest mod_rpaf.so.manifest -outputresource:mod_rpaf.so;2

My test config wil be
Code: [Select]
LoadModule rpaf_module modules/mod_rpaf.so

<IfModule mod_rpaf.c>
    RPAFenable On
    RPAFproxy_ips 192.168.178.1
</IfModule>
Logged

Sob

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 72
Re: mod_rpaf
« Reply #6 on: September 13, 2010, 01:59:16 PM »

So this works mostly like a proxy chain??

Nope.

client <----> proxy/balancer <----> backend server with apache and rpaf

Without rpaf, backend server sees all connections coming from proxy's IP. With rpaf enabled and proxy's IP in RPAFproxy_ips, connections appear to come directly from client IP's, as if proxy wasn't there at all.
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 833
Re: mod_rpaf
« Reply #7 on: September 13, 2010, 06:56:12 PM »

Oh it goes on the backend, ok. I thought it went on frontend. Thanks for clarifying.

Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 575
Re: mod_rpaf
« Reply #8 on: October 04, 2010, 11:52:51 AM »

As 64 bit version mod_rpaf is now on the download page.

----- edit ---
also added 32 bit version.
« Last Edit: October 04, 2010, 01:02:53 PM by mario »
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 833
Re: mod_rpaf
« Reply #9 on: October 04, 2010, 06:52:27 PM »

Thanks Mario
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 575
Re: mod_rpaf
« Reply #10 on: December 14, 2011, 11:01:13 AM »

Gregg did you try to compile it against apache 2.4?
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 833
Re: mod_rpaf
« Reply #11 on: December 15, 2011, 01:17:13 AM »

No, there's been some developments between 2.3.15 & 2.4.now that has broken a lot of modules. It's fixable but messy.  Why, are you trying and getting an error on the lines of "remote_ip is not part of conn_rec (or remote_addr/request_req)"?

http://marc.info/?l=apache-httpd-dev&m=132223067705331&w=2

Want to have some real fun, try building mod_security :o
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 833
Re: mod_rpaf
« Reply #12 on: December 17, 2011, 12:47:36 AM »

Well, I built one against 2.3.16 so I will include it in the 2.3.16 packages when I get them done.
It loads, but that is as far as I have tested it.
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 575
Re: mod_rpaf
« Reply #13 on: December 17, 2011, 09:45:56 PM »

Good to know that it works! Or at least loads.

Speaking of 2.4 coming.... all these new mods like firehorse. Will be intressting
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 833
Re: mod_rpaf
« Reply #14 on: December 17, 2011, 10:21:50 PM »

not sure firehose, , mod_policy or mod_combine will make 2.4.0, I think they'll get added eventually during the 2.4 lifetime. I like the sound of mod_combine
Logged
Pages: [1] 2   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13