[Zope-dev] apache ProxyPass and REMOTE_ADDR -- any further discussion or
Joseph Wayne Norton
norton@alum.mit.edu
Tue, 25 Sep 2001 12:53:01 +0900
consensus?
Hello.
I have put together a patch (see below) which adds the necessary
support for performing user authentication based on domain (and
logging) if your zope server is hiding behind
apache+mod_proxy+mod_proxy_add_forward.
I noticed a posting to zope-dev early this year regarding apache
ProxyPass and SiteAccess
http://aspn.activestate.com/ASPN/Mail/Message/zope-Dev/479449
Has there been any further discussion or consensus on this issue?
regards,
- joe n.
*** Zope-2.4.1-src/ZServer/HTTPServer.py Wed Aug 8 22:04:32 2001
--- zope-2.4.1/ZServer/HTTPServer.py Tue Sep 25 12:01:55 2001
***************
*** 294,299 ****
--- 294,315 ----
if value and not env_has(key):
env[key]=value
env.update(self.env_override)
+
+ # set REMOTE_ADDR_X and REMOTE_HOST_X
+ if env_has('HTTP_X_FORWARDED_FOR'):
+ # only fetch last addr -- appended by mod_proxy_add_forward
+ remote_addr_x = strip(split(env['HTTP_X_FORWARDED_FOR'], ",")[-1])
+ if remote_addr_x != '':
+ env['REMOTE_ADDR_X']=remote_addr_x
+ # If we're using a resolving logger, try to get the
+ # remote host from the resolver's cache.
+ if hasattr(server.logger, 'resolver'):
+ dns_cache=server.logger.resolver.cache
+ if dns_cache.has_key(env['REMOTE_ADDR_X']):
+ remote_host_x=dns_cache[env['REMOTE_ADDR_X']][2]
+ if remote_host_x is not None:
+ env['REMOTE_HOST_X']=remote_host_x
+
return env
def continue_request(self, sin, request):
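Review bot: REMOTE_ADDR_X is derived from HTTP_X_FORWARDED_FOR on every request, in the block added before `return env`, without checking that the connection came from the Apache front end. Taking the last comma-separated entry is only trustworthy when the immediate peer is the proxy that appended it; if the ZServer port is also reachable directly, the header is entirely client-supplied. The User.py hunk then uses this value for domain-based authentication, and the http_server.py hunk writes it to the access log. The block should be guarded on the socket peer being a configured proxy, for example `if env_has('HTTP_X_FORWARDED_FOR') and env.get('REMOTE_ADDR') in trusted_proxies:`, where `trusted_proxies` is a placeholder for a setting this patch would have to add, and assuming REMOTE_ADDR is already in `env` at this point. The enclosing method starts outside the hunk.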
*** Zope-2.4.1-src/ZServer/medusa/http_server.py Tue Jul 3 04:45:22 2001
--- zope-2.4.1/ZServer/medusa/http_server.py Tue Sep 25 12:29:08 2001
***************
*** 284,291 ****
else:
name = t[0]
self.channel.server.logger.log (
! self.channel.addr[0],
' - %s [%s] "%s" %d %d "%s" "%s"\n' % (
name,
self.log_date_string (time.time()),
--- 284,295 ----
else:
name = t[0]
+ channel_addr=self.get_header('X-Forwarded-For')
+ if channel_addr: channel_addr = string.strip(string.split(channel_addr, ",")[-1])
+ if not channel_addr: channel_addr = self.channel.addr[0]
+
self.channel.server.logger.log (
! channel_addr,
' - %s [%s] "%s" %d %d "%s" "%s"\n' % (
name,
self.log_date_string (time.time()),
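Review bot: Once the header is present, `self.channel.addr[0]` no longer appears anywhere in the access-log record, and the logged host field becomes whatever text follows the last comma of X-Forwarded-For. The socket peer is the only address the server observed itself, so for incident review it should stay in the record, with the forwarded token used only when it parses as an address. The parsing also duplicates the HTTPServer.py hunk; a shared helper would keep the two in sync, and the two one-line `if` statements would read better split over two lines each. The enclosing method starts and ends outside the hunk.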
*** Zope-2.4.1-src/lib/python/AccessControl/User.py Sat Aug 4 22:49:26 2001
--- zope-2.4.1/lib/python/AccessControl/User.py Tue Sep 25 12:00:54 2001
***************
*** 1039,1048 ****
if len(spec) == 1 and spec[0] == '*':
return 1
! if request.has_key('REMOTE_HOST'):
host=request['REMOTE_HOST']
! if request.has_key('REMOTE_ADDR'):
addr=request['REMOTE_ADDR']
if not host and not addr:
--- 1039,1052 ----
if len(spec) == 1 and spec[0] == '*':
return 1
! if request.has_key('REMOTE_HOST_X'):
! host=request['REMOTE_HOST_X']
! elif request.has_key('REMOTE_HOST'):
host=request['REMOTE_HOST']
! if request.has_key('REMOTE_ADDR_X'):
! addr=request['REMOTE_ADDR_X']
! elif request.has_key('REMOTE_ADDR'):
addr=request['REMOTE_ADDR']
if not host and not addr:
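Review bot: `host` and `addr` fall back independently, so they can end up describing different machines. If REMOTE_ADDR_X is set but REMOTE_HOST_X is not (the HTTPServer.py hunk only fills it on a resolver-cache hit), `addr` is the forwarded client while `host` comes from REMOTE_HOST, which would describe the proxy connection if it is set. A domain spec matching the proxy's host name could then, depending on the matching code below this hunk, accept every client that arrives through the proxy. The plain host should be skipped once a forwarded address is in use, e.g. `elif not request.has_key('REMOTE_ADDR_X') and request.has_key('REMOTE_HOST'):`. A comment above the lookups should also state that the `_X` keys are trusted only because the front-end proxy sets them.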