X-forwarded-for header patch

From: Ross West <westr#connection.ca>
Date: Thu, 17 Jul 2008 17:40:13 -0400

Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor".

Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ".

Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line.

So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]

If people want to check/test/merge/etc, that would be great. Diffed against a fresh 1.3.15.2 source package (my modified tree is renamed to 1.3.15.2.1).

Cheers,
  Ross.

-= start
diff -r -x '*.o' -x '*.dist' haproxy-1.3.15.2/include/common/defaults.h haproxy-1.3.15.2.1/include/common/defaults.h
110a111,113
> // X-Forwarded-For header default
> #define DEF_XFORWARDFOR_HDR "X-Forwarded-For"
>

diff -r -x '*.o' -x '*.dist' haproxy-1.3.15.2/include/types/proxy.h haproxy-1.3.15.2.1/include/types/proxy.h
200a201,202
> char *forwardforhdr_name; /* header to use - default: "x-forwarded-for" */
> int forwardforhdr_len; /* length of "x-forwarded-for" header */

diff -r -x '*.o' -x '*.dist' haproxy-1.3.15.2/src/cfgparse.c haproxy-1.3.15.2.1/src/cfgparse.c
1320,1324c1320,1358

<                       if (*(args[2])) {
<                               if (!strcmp(args[2], "except")) {
<                                       if (!*args[3] || !str2net(args[3], &curproxy->except_net, &curproxy->except_mask)) {
<                                               Alert("parsing [%s:%d] : '%s' only supports optional 'except' address[/mask].\n",
<                                                     file, linenum, args[0]);
---

> /* set default options (ie: bitfield, header name, etc) */
>
>
> curproxy->options |= PR_O_FWDFOR;
>
> if (curproxy->forwardforhdr_name != NULL) {
> free(curproxy->forwardforhdr_name);
> }
>
> curproxy->forwardforhdr_name = strdup(DEF_XFORWARDFOR_HDR);
> curproxy->forwardforhdr_len = strlen(curproxy->forwardforhdr_name);
>
> int cur_arg;
> cur_arg = 2;
> while (*args[cur_arg]) {
> if (*(args[cur_arg])) {
> if (!strcmp(args[cur_arg], "except")) {
> if (!*args[cur_arg+1] || !str2net(args[cur_arg+1], &curproxy->except_net, &curproxy->except_mask)) {
> Alert("parsing [%s:%d] : '%s' only supports optional 'except' address[/mask].\n",
> file, linenum, args[0]);
> return -1;
> }
> /* flush useless bits */
> curproxy->except_net.s_addr &= curproxy->except_mask.s_addr;
> cur_arg += 2;
>
> } else if (!strcmp(args[cur_arg], "header")) {
> if (*(args[cur_arg+1]) == 0) {
> Alert("parsing [%s:%d] : '%s' expects <header_name> as argument.\n",
> file, linenum, args[0]);
> return -1;
> }
> curproxy->forwardforhdr_name = strdup(args[cur_arg+1]);
> curproxy->forwardforhdr_len = strlen(curproxy->forwardforhdr_name);
> cur_arg += 2;
>
> } else {
> Alert("parsing [%s:%d] : '%s' only supports optional values: 'except' and 'header'.\n",
> file, linenum, args[0]);
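Review bot: The `header` branch assigns `curproxy->forwardforhdr_name = strdup(args[cur_arg+1])` without freeing the default name that was strdup'ed a few lines earlier, so each `option forwardfor header ...` line leaks that buffer, and neither strdup() result is checked before it is passed to strlen(). The name is also accepted verbatim, although it is later formatted into outgoing requests. A ':' or a control character in it would produce a malformed or extra header line, so it should be restricted to HTTP token characters. The `if (... != NULL)` guard around free() and the `if (*(args[cur_arg]))` directly inside the `while` on the same condition are redundant. The enclosing option-parsing block starts and ends outside the hunk.

```c
} else if (!strcmp(args[cur_arg], "header")) {
	const char *p;
	char *name;

	/* … unchanged: missing <header_name> argument check … */
	for (p = args[cur_arg+1]; *p; p++) {
		/* HTTP token only: no CTLs, no separators such as ':' */
		if (!isalnum((unsigned char)*p) && !strchr("!#$%&'*+-.^_`|~", *p)) {
			Alert("parsing [%s:%d] : '%s' : invalid character in header name.\n",
			      file, linenum, args[0]);
			return -1;
		}
	}
	name = strdup(args[cur_arg+1]);
	if (!name) {
		Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
		return -1;
	}
	free(curproxy->forwardforhdr_name);	/* release the default set above */
	curproxy->forwardforhdr_name = name;
	curproxy->forwardforhdr_len = strlen(name);
	cur_arg += 2;
```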
1327,1335c1361,1362
<                                       /* flush useless bits */
<                                       curproxy->except_net.s_addr &= curproxy->except_mask.s_addr;
<                               } else {
<                                       Alert("parsing [%s:%d] : '%s' only supports optional 'except' address[/mask].\n",
<                                             file, linenum, args[0]);
<                                       return -1;
<                               }
<                       }
<                       curproxy->options |= PR_O_FWDFOR;
---

> }
> } /* end while loop */

diff -r -x '*.o' -x '*.dist' haproxy-1.3.15.2/src/proto_http.c haproxy-1.3.15.2.1/src/proto_http.c
2036,2037c2036,2038

<                                       len = sprintf(trash, "X-Forwarded-For: %d.%d.%d.%d",
<                                                     pn[0], pn[1], pn[2], pn[3]);
---

> /* FIXME: fe or be, which is right? - assume "be" (backend) is best */
> len = sprintf(trash, "%s: %d.%d.%d.%d",
> t->be->forwardforhdr_name, pn[0], pn[1], pn[2], pn[3]);
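Review bot: The new `sprintf(trash, "%s: %d.%d.%d.%d", t->be->forwardforhdr_name, ...)` writes a configuration-supplied string of unbounded length into `trash`, where the old format string had a fixed maximum size. Use a bounded call such as `len = snprintf(trash, sizeof(trash), "%s: %d.%d.%d.%d", ...)` (assuming `trash` is an array visible here) and reject the result when `len` is negative or not smaller than the buffer size. The FIXME is also a safety question: the cfgparse.c change sets `forwardforhdr_name` only when a proxy's own `option forwardfor` line is parsed. If the option can be enabled on the frontend alone, `t->be->forwardforhdr_name` may be NULL here and `%s` would dereference it, so take the name from whichever proxy has `PR_O_FWDFOR` set and fall back to `DEF_XFORWARDFOR_HDR`. The enclosing function and the condition guarding this statement are outside the hunk.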

-= end

-- 
Received on 2008/07/17 23:40
