rpms/mod_extract_forwarded/devel mod_extract_forwarded.conf, NONE, 1.1 mod_extract_forwarded.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

Tim Jackson (timj) fedora-extras-commits at redhat.com
Sat Apr 29 10:56:10 UTC 2006 

Author: timj

Update of /cvs/extras/rpms/mod_extract_forwarded/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26909/devel

Modified Files:
	.cvsignore sources 
Added Files:
	mod_extract_forwarded.conf mod_extract_forwarded.spec 
Log Message:
auto-import mod_extract_forwarded-2.0.2-1 on branch devel from mod_extract_forwarded-2.0.2-1.src.rpm


--- NEW FILE mod_extract_forwarded.conf ---
LoadModule extract_forwarded_module modules/mod_extract_forwarded.so

# MEForder can have either of two value 'refuse,accept' or 'accept,refuse' and 
# specifies the order in which the information in two associated directives,
# MEFaccept and MEFrefuse, are intepreted. The MEFaccept and MEFrefuse 
# directives are each used to spcifiy one or more IP numbers.

MEForder refuse,accept

# MEFrefuse can be 'all' OR a list of IP numbers and/or domain names of trusted
# proxy servers whose IP number can be derived by DNS from the domain name.
# The presence of 'all' overrides any particular IP numbers and means that no 
# proxy servers are to be trusted. Individual IP numbers mean that those proxy 
# servers having them are not to be trusted. This defaults to 'all'.

MEFrefuse all

# MEFaccept can be 'all' OR a list of IP numbers and/or domain names of trusted 
# proxy servers whose IP number can be derived by DNS from the domain name.
# The presence of 'all' overrides any particular IP numbers and means that all 
# proxy servers are to be trusted.
# Individual IP numbers mean that those the proxy servers having them are to be 
# trusted. This defaults to an empty list of trusted IP numbers.

# MEFaccept 1.2.3.4  1.2.3.5 

# Normal mode of use is to say:
#
#   MEForder refuse,accept
#   MEFrefuse all
#   MEFaccept <space separated list of your trusted proxy servers' IP numbers>
#
# with the MEForder directive saying apply the MEFrefuse rule first then the 
# MEFaccept rule.
# The MEFrefuse rule says do not trust any proxy servers but this is selectively
# overridden for particular IP numbers listed by the MEFaccept directive.

# MEFaddenv can be 'off', 'on' (the default) or a string. 'off' means that when
# spoofing, do not add an environment variable whose value is the IP number of
# the connecting machine. 'on' means that when spoofing, add an environment 
# variable called 'MEF_RPROXY_ADDR' whose value is the IP number of the 
# connecting machine.
# A string means that when spoofing, add an environment variable named by the 
# string supplied whose value is the IP number of the connecting machine.

MEFaddenv on

# MEFdebug can be 'on' or 'off' (the default). When turned 'on' information 
# about how the mod_extract_forwarded module is processing every request to your
# Apache 2 server, and any associated internal redirects or subsrequests, is 
# written to the server's error_log.
# The amount of output written and the way it is generated is such that you 
# would never normally want to turn this feature on.
# This feature is intended for debugging operation of the mod_extract_forwarded 
# module and it is unlikely you will want to do that.

MEFdebug off


--- NEW FILE mod_extract_forwarded.spec ---
Name:           mod_extract_forwarded
Version:        2.0.2
Release:        1%{?dist}
Summary:        Extract real source IP for forwarded HTTP requests

Group:          System Environment/Daemons
License:        Apache Software License
URL:            http://www.openinfo.co.uk/apache/
Source0:        http://www.openinfo.co.uk/apache/extract_forwarded-%{version}.tar.gz
Source1:	mod_extract_forwarded.conf
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires:  httpd-devel >= 2.0.38
Requires:       httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)

%description
mod_extract_forwarded hooks itself into Apache's header parsing phase and looks 
for the X-Forwarded-For header which some (most?) proxies add to the proxied 
HTTP requests. It extracts the IP from the X-Forwarded-For and modifies the 
connection data so to the rest of Apache the request looks like it came from 
that IP rather than the proxy IP.

%prep
%setup -q -n extract_forwarded


%build
/usr/sbin/apxs -Wc,"%{optflags}" -c mod_extract_forwarded.c


%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_libdir}/httpd/modules/
mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/
install -p .libs/mod_extract_forwarded.so %{buildroot}/%{_libdir}/httpd/modules/
install -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/

# Docs don't need to be executable
chmod -x INSTALL README

%clean
rm -rf %{buildroot}


%files
%defattr(-,root,root,-)
%doc INSTALL README
%{_libdir}/httpd/modules/mod_extract_forwarded.so
%config(noreplace) /etc/httpd/conf.d/mod_extract_forwarded.conf


%changelog
* Wed Jan 11 2006 Tim Jackson <rpm at timj.co.uk> 2.0.2-1
- Initial build


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/mod_extract_forwarded/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore	29 Apr 2006 10:55:29 -0000	1.1
+++ .cvsignore	29 Apr 2006 10:56:10 -0000	1.2
@@ -0,0 +1 @@
+extract_forwarded-2.0.2.tar.gz


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/mod_extract_forwarded/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources	29 Apr 2006 10:55:29 -0000	1.1
+++ sources	29 Apr 2006 10:56:10 -0000	1.2
@@ -0,0 +1 @@
+d7aeb59fa81cbe74c485c33873ea1c65  extract_forwarded-2.0.2.tar.gz

More information about the fedora-extras-commits mailing list