added QSE_HTTPD_RSRC_PROXY_X_FORWARDED and actual implementation

This commit is contained in:
hyung-hwan 2014-10-13 14:14:06 +00:00
parent 743196e796
commit c5001505cd
5 changed files with 35 additions and 67 deletions

View File

@ -204,6 +204,7 @@ struct loccfg_t
unsigned int allow_upgrade: 1; unsigned int allow_upgrade: 1;
unsigned int dns_enabled: 1; unsigned int dns_enabled: 1;
unsigned int urs_enabled: 1; unsigned int urs_enabled: 1;
unsigned int x_forwarded: 1;
qse_nwad_t dns_nwad; /* TODO: multiple dns */ qse_nwad_t dns_nwad; /* TODO: multiple dns */
qse_nwad_t urs_nwad; /* TODO: multiple urs */ qse_nwad_t urs_nwad; /* TODO: multiple urs */
int dns_timeout; int dns_timeout;
@ -646,6 +647,11 @@ proxy_ok:
root->u.proxy.urs_prerewrite_mod = loccfg->proxy.urs_prerewrite_mod; root->u.proxy.urs_prerewrite_mod = loccfg->proxy.urs_prerewrite_mod;
} }
if (loccfg->proxy.x_forwarded)
{
root->u.proxy.flags |= QSE_HTTPD_RSRC_PROXY_X_FORWARDED;
}
if (loccfg->proxy.allow_upgrade) if (loccfg->proxy.allow_upgrade)
{ {
root->u.proxy.flags |= QSE_HTTPD_RSRC_PROXY_ALLOW_UPGRADE; root->u.proxy.flags |= QSE_HTTPD_RSRC_PROXY_ALLOW_UPGRADE;
@ -1522,6 +1528,11 @@ static int load_loccfg_proxy (qse_httpd_t* httpd, qse_xli_t* xli, qse_xli_list_t
if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("upgrade")); if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("upgrade"));
if (pair) cfg->proxy.allow_upgrade = get_boolean ((qse_xli_str_t*)pair->val); if (pair) cfg->proxy.allow_upgrade = get_boolean ((qse_xli_str_t*)pair->val);
pair = QSE_NULL;
if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("x-forwarded"));
if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("x-forwarded"));
if (pair) cfg->proxy.x_forwarded = get_boolean ((qse_xli_str_t*)pair->val);
pair = QSE_NULL; pair = QSE_NULL;
if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("pseudonym")); if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("pseudonym"));
if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("pseudonym")); if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("pseudonym"));
@ -2059,6 +2070,7 @@ static int open_config_file (qse_httpd_t* httpd)
{ QSE_T("server-default.proxy.connect"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server-default.proxy.connect"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server-default.proxy.intercept"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server-default.proxy.intercept"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server-default.proxy.upgrade"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server-default.proxy.upgrade"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server-default.proxy.x-forwarded"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server-default.proxy.pseudonym"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server-default.proxy.pseudonym"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server-default.proxy.dns-enabled"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server-default.proxy.dns-enabled"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server-default.proxy.dns-server"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server-default.proxy.dns-server"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
@ -2116,6 +2128,7 @@ static int open_config_file (qse_httpd_t* httpd)
{ QSE_T("server.host.location.proxy.connect"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server.host.location.proxy.connect"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server.host.location.proxy.intercept"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server.host.location.proxy.intercept"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server.host.location.proxy.upgrade"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server.host.location.proxy.upgrade"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server.host.location.proxy.x-forwarded"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server.host.location.proxy.pseudonym"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server.host.location.proxy.pseudonym"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server.host.location.proxy.dns-enabled"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server.host.location.proxy.dns-enabled"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },
{ QSE_T("server.host.location.proxy.dns-server"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } }, { QSE_T("server.host.location.proxy.dns-server"), { QSE_XLI_SCM_VALSTR | QSE_XLI_SCM_KEYNODUP, 1, 1 } },

View File

@ -140,6 +140,7 @@ server-default {
connect = yes; # yes/on, no/off connect = yes; # yes/on, no/off
intercept = yes; # yes/proxy/on, local, no/off, intercept = yes; # yes/proxy/on, local, no/off,
upgrade = yes; # yes/on, no/off upgrade = yes; # yes/on, no/off
x-forwarded = yes; # yes/on, no/off
#pseudonym = "nice-host"; #pseudonym = "nice-host";

View File

@ -769,12 +769,13 @@ enum qse_httpd_rsrc_proxy_flag_t
{ {
QSE_HTTPD_RSRC_PROXY_RAW = (1 << 0), /* raw proxying. set this for CONNECT */ QSE_HTTPD_RSRC_PROXY_RAW = (1 << 0), /* raw proxying. set this for CONNECT */
QSE_HTTPD_RSRC_PROXY_TRANSPARENT = (1 << 1), QSE_HTTPD_RSRC_PROXY_TRANSPARENT = (1 << 1),
QSE_HTTPD_RSRC_PROXY_ALLOW_UPGRADE = (1 << 2), QSE_HTTPD_RSRC_PROXY_ALLOW_UPGRADE = (1 << 2), /* allow protocol upgrade */
QSE_HTTPD_RSRC_PROXY_DST_STR = (1 << 3), /* destination is an unresovled string pointed to by dst.str */ QSE_HTTPD_RSRC_PROXY_X_FORWARDED = (1 << 3), /* add x-forwarded-for and x-forwarded-proto */
QSE_HTTPD_RSRC_PROXY_ENABLE_DNS = (1 << 4), /* dns service enabled (udp) */ QSE_HTTPD_RSRC_PROXY_DST_STR = (1 << 4), /* destination is an unresovled string pointed to by dst.str */
QSE_HTTPD_RSRC_PROXY_ENABLE_URS = (1 << 5), /* url rewriting enabled (udp) */ QSE_HTTPD_RSRC_PROXY_ENABLE_DNS = (1 << 5), /* dns service enabled (udp) */
QSE_HTTPD_RSRC_PROXY_DNS_SERVER = (1 << 6), /* dns address specified */ QSE_HTTPD_RSRC_PROXY_ENABLE_URS = (1 << 6), /* url rewriting enabled (udp) */
QSE_HTTPD_RSRC_PROXY_URS_SERVER = (1 << 7), /* urs address specified */ QSE_HTTPD_RSRC_PROXY_DNS_SERVER = (1 << 7), /* dns address specified */
QSE_HTTPD_RSRC_PROXY_URS_SERVER = (1 << 8), /* urs address specified */
}; };
typedef enum qse_httpd_rsrc_proxy_flag_t qse_httpd_rsrc_proxy_flag_t; typedef enum qse_httpd_rsrc_proxy_flag_t qse_httpd_rsrc_proxy_flag_t;

View File

@ -53,10 +53,10 @@ struct task_proxy_t
#define PROXY_URL_PREREWRITTEN (1 << 12) /* URL has been prerewritten in prerewrite(). */ #define PROXY_URL_PREREWRITTEN (1 << 12) /* URL has been prerewritten in prerewrite(). */
#define PROXY_URL_REWRITTEN (1 << 13) #define PROXY_URL_REWRITTEN (1 << 13)
#define PROXY_URL_REDIRECTED (1 << 14) #define PROXY_URL_REDIRECTED (1 << 14)
#define PROXY_X_FORWARDED_FOR (1 << 15) /* X-Forwarded-For: added */ #define PROXY_X_FORWARDED (1 << 15) /* Add X-Forwarded-For and X-Forwarded-Proto */
#define PROXY_VIA (1 << 16) /* Via: added to the request */ #define PROXY_VIA (1 << 16) /* Via: added to the request */
#define PROXY_VIA_RETURNING (1 << 17) /* Via: added to the response */ #define PROXY_VIA_RETURNING (1 << 17) /* Via: added to the response */
#define PROXY_ALLOW_UPGRADE (1 << 28) #define PROXY_ALLOW_UPGRADE (1 << 18)
#define PROXY_UPGRADE_REQUESTED (1 << 19) #define PROXY_UPGRADE_REQUESTED (1 << 19)
#define PROXY_PROTOCOL_SWITCHED (1 << 20) #define PROXY_PROTOCOL_SWITCHED (1 << 20)
#define PROXY_GOT_BAD_REQUEST (1 << 21) #define PROXY_GOT_BAD_REQUEST (1 << 21)
@ -259,58 +259,11 @@ static int proxy_capture_client_header (qse_htre_t* req, const qse_mchar_t* key,
{ {
task_proxy_t* proxy = (task_proxy_t*)ctx; task_proxy_t* proxy = (task_proxy_t*)ctx;
#if 0
if (!(proxy->flags & PROXY_TRANSPARENT))
{
if (!(proxy->flags & PROXY_X_FORWARDED_FOR) && qse_mbscasecmp (key, QSE_MT("X-Forwarded-For")) == 0)
{
/* append to X-Forwarded-For if it exists in the header.
* note that it add a comma even if the existing value is empty.
* actually, no such value must be sent in by a well-behaving
* client/proxy/load-balancer, etc. */
qse_mchar_t extra[128];
proxy->flags |= PROXY_X_FORWARDED_FOR;
qse_nwadtombs (&proxy->client->remote_addr, extra, QSE_COUNTOF(extra), QSE_NWADTOMBS_ADDR);
return proxy_add_header_to_buffer_with_extra_data (proxy, proxy->reqfwdbuf, key, val, QSE_MT(", %hs"), extra);
}
}
if (!(proxy->httpd->opt.trait & QSE_HTTPD_PROXYNOVIA) && !(proxy->flags & PROXY_VIA))
{
if (qse_mbscasecmp (key, QSE_MT("Via")) == 0)
{
qse_mchar_t extra[128];
const qse_mchar_t* pseudonym;
proxy->flags |= PROXY_VIA;
if (proxy->pseudonym[0])
{
pseudonym = proxy->pseudonym;
}
else
{
qse_nwadtombs (&proxy->client->local_addr, extra, QSE_COUNTOF(extra), QSE_NWADTOMBS_ALL);
pseudonym = extra;
}
return proxy_add_header_to_buffer_with_extra_data (
proxy, proxy->reqfwdbuf, key, val,
QSE_MT(", %d.%d %hs (%hs)"),
(int)proxy->version.major,
(int)proxy->version.minor,
pseudonym,
qse_httpd_getname(proxy->httpd));
}
}
#endif
/* EXPERIMENTAL: REMOVE HEADERS. /* EXPERIMENTAL: REMOVE HEADERS.
* FOR EXAMPLE, You can remove Referer or forge it to give analysis systems harder time */ * FOR EXAMPLE, You can remove Referer or forge it to give analysis systems harder time */
if (qse_mbscasecmp (key, QSE_MT("Transfer-Encoding")) != 0 && if (qse_mbscasecmp (key, QSE_MT("Transfer-Encoding")) != 0 &&
qse_mbscasecmp (key, QSE_MT("Content-Length")) != 0 /* EXPERIMENTAL */ /* && qse_mbscasecmp (key, QSE_MT("Content-Length")) != 0 &&
qse_mbscasecmp (key, QSE_MT("Proxy-Connection")) != 0 /* EXPERIMENTAL */ /* &&
qse_mbscasecmp (key, QSE_MT("Referer")) != 0*/) qse_mbscasecmp (key, QSE_MT("Referer")) != 0*/)
{ {
return proxy_add_header_to_buffer (proxy, proxy->reqfwdbuf, key, val); return proxy_add_header_to_buffer (proxy, proxy->reqfwdbuf, key, val);
@ -325,7 +278,8 @@ static int proxy_capture_client_trailer (qse_htre_t* req, const qse_mchar_t* key
if (qse_mbscasecmp (key, QSE_MT("Transfer-Encoding")) != 0 && if (qse_mbscasecmp (key, QSE_MT("Transfer-Encoding")) != 0 &&
qse_mbscasecmp (key, QSE_MT("Content-Length")) != 0 && qse_mbscasecmp (key, QSE_MT("Content-Length")) != 0 &&
qse_mbscasecmp (key, QSE_MT("Connection")) != 0) qse_mbscasecmp (key, QSE_MT("Connection")) != 0 &&
qse_mbscasecmp (key, QSE_MT("Proxy-Connection")) != 0)
{ {
return proxy_add_header_to_buffer (proxy, proxy->reqfwdbuf, key, val); return proxy_add_header_to_buffer (proxy, proxy->reqfwdbuf, key, val);
} }
@ -983,6 +937,7 @@ static int task_init_proxy (
if (arg->rsrc->flags & QSE_HTTPD_RSRC_PROXY_RAW) proxy->flags |= PROXY_RAW; if (arg->rsrc->flags & QSE_HTTPD_RSRC_PROXY_RAW) proxy->flags |= PROXY_RAW;
if (arg->rsrc->flags & QSE_HTTPD_RSRC_PROXY_TRANSPARENT) proxy->flags |= PROXY_TRANSPARENT; if (arg->rsrc->flags & QSE_HTTPD_RSRC_PROXY_TRANSPARENT) proxy->flags |= PROXY_TRANSPARENT;
if (arg->rsrc->flags & QSE_HTTPD_RSRC_PROXY_X_FORWARDED) proxy->flags |= PROXY_X_FORWARDED;
if (arg->rsrc->flags & QSE_HTTPD_RSRC_PROXY_ALLOW_UPGRADE) proxy->flags |= PROXY_ALLOW_UPGRADE; if (arg->rsrc->flags & QSE_HTTPD_RSRC_PROXY_ALLOW_UPGRADE) proxy->flags |= PROXY_ALLOW_UPGRADE;
proxy->peer.local = arg->rsrc->src.nwad; proxy->peer.local = arg->rsrc->src.nwad;
@ -1131,11 +1086,8 @@ qse_mbs_ncat (proxy->reqfwdbuf, spc, QSE_COUNTOF(spc));
qse_mbs_cat (proxy->reqfwdbuf, QSE_MT("\r\n")) == (qse_size_t)-1 || qse_mbs_cat (proxy->reqfwdbuf, QSE_MT("\r\n")) == (qse_size_t)-1 ||
qse_htre_walkheaders (arg->req, proxy_capture_client_header, proxy) <= -1) goto nomem_oops; qse_htre_walkheaders (arg->req, proxy_capture_client_header, proxy) <= -1) goto nomem_oops;
/*if (!(proxy->flags & (PROXY_TRANSPARENT | PROXY_X_FORWARDED_FOR)))*/ if ((proxy->flags & (PROXY_TRANSPARENT | PROXY_X_FORWARDED)) == PROXY_X_FORWARDED)
if (!(proxy->flags & PROXY_TRANSPARENT))
{ {
/* X-Forwarded-For is not added by proxy_capture_client_header()
* above. I don't care if it's included in the trailer. */
qse_mchar_t extra[128]; qse_mchar_t extra[128];
/* client's ip address */ /* client's ip address */

View File

@ -631,6 +631,7 @@ static int init_xtn_ssl (qse_httpd_t* httpd, qse_httpd_server_t* server)
} }
/* TODO: SSL_CTX_set_verify(); SSL_CTX_set_verify_depth() */
/* TODO: CRYPTO_set_id_callback (); */ /* TODO: CRYPTO_set_id_callback (); */
/* TODO: CRYPTO_set_locking_callback (); */ /* TODO: CRYPTO_set_locking_callback (); */