[Zope-dev] apache ProxyPass and REMOTE_ADDR -- any further discussion or consensus?

Joseph Wayne Norton norton@alum.mit.edu
Tue, 25 Sep 2001 12:53:01 +0900


Hello.

I have put together a patch (see below) which adds the necessary
support for performing user authentication based on domain (and
logging) if your zope server is hiding behind
apache+mod_proxy+mod_proxy_add_forward.

I noticed a posting to zope-dev early this year regarding apache
ProxyPass and SiteAccess

  http://aspn.activestate.com/ASPN/Mail/Message/zope-Dev/479449

Has there been any further discussion or consensus on this issue?

regards,

- joe n.


*** Zope-2.4.1-src/ZServer/HTTPServer.py        Wed Aug  8 22:04:32 2001
--- zope-2.4.1/ZServer/HTTPServer.py    Tue Sep 25 12:01:55 2001
***************
*** 294,299 ****
--- 294,315 ----
                  if value and not env_has(key):
                      env[key]=value
          env.update(self.env_override)
+ 
+         # set REMOTE_ADDR_X and REMOTE_HOST_X
+         if env_has('HTTP_X_FORWARDED_FOR'):
+             # only fetch last addr -- appended by mod_proxy_add_forward
+             remote_addr_x = strip(split(env['HTTP_X_FORWARDED_FOR'], ",")[-1])
+             if remote_addr_x != '':
+                 env['REMOTE_ADDR_X']=remote_addr_x
+                 # If we're using a resolving logger, try to get the
+                 # remote host from the resolver's cache.
+                 if hasattr(server.logger, 'resolver'):
+                     dns_cache=server.logger.resolver.cache
+                     if dns_cache.has_key(env['REMOTE_ADDR_X']):
+                         remote_host_x=dns_cache[env['REMOTE_ADDR_X']][2]
+                         if remote_host_x is not None:
+                             env['REMOTE_HOST_X']=remote_host_x
+ 
          return env
  
      def continue_request(self, sin, request):
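
Review bot: the env_has('HTTP_X_FORWARDED_FOR') branch accepts the header from any connection, with no check that the peer is the Apache proxy. Taking the last element is right only for requests that actually passed through mod_proxy_add_forward; on a connection that reaches ZServer directly, the whole header is client-supplied and so is REMOTE_ADDR_X. Suggest setting REMOTE_ADDR_X only when the socket peer address is in a configured list of trusted proxy addresses, and checking that the value is a well-formed IP address before storing it. Minor: this hunk calls bare strip/split while the http_server.py hunk uses string.strip/string.split; confirm those names are imported in this module.
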
*** Zope-2.4.1-src/ZServer/medusa/http_server.py        Tue Jul  3 04:45:22 2001
--- zope-2.4.1/ZServer/medusa/http_server.py    Tue Sep 25 12:29:08 2001
***************
*** 284,291 ****
                  else:
                      name = t[0]
  
          self.channel.server.logger.log (
!             self.channel.addr[0],
              ' - %s [%s] "%s" %d %d "%s" "%s"\n' % (
                  name,
                  self.log_date_string (time.time()),
--- 284,295 ----
                  else:
                      name = t[0]
  
+         channel_addr=self.get_header('X-Forwarded-For')
+         if channel_addr: channel_addr = string.strip(string.split(channel_addr, ",")[-1])
+         if not channel_addr: channel_addr = self.channel.addr[0]
+         
          self.channel.server.logger.log (
!             channel_addr,
              ' - %s [%s] "%s" %d %d "%s" "%s"\n' % (
                  name,
                  self.log_date_string (time.time()),
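
Review bot: channel_addr replaces self.channel.addr[0] in the logger.log call, so whenever an X-Forwarded-For header is present the socket peer address is no longer recorded in the log line at all. The header value is client-supplied when the request did not come through the proxy, and it reaches the log after only strip/split, so it is not guaranteed to be an address. Suggest using the header only when self.channel.addr[0] is a known proxy, validating it as an IP address, and keeping the peer address in the entry as well so the two can be told apart during an investigation. Style: the two one-line "if ...: ..." statements would read better split over two lines each.
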
*** Zope-2.4.1-src/lib/python/AccessControl/User.py     Sat Aug  4 22:49:26 2001
--- zope-2.4.1/lib/python/AccessControl/User.py Tue Sep 25 12:00:54 2001
***************
*** 1039,1048 ****
      if len(spec) == 1 and spec[0] == '*':
          return 1
  
!     if request.has_key('REMOTE_HOST'):
          host=request['REMOTE_HOST']
  
!     if request.has_key('REMOTE_ADDR'):
          addr=request['REMOTE_ADDR']
  
      if not host and not addr:
--- 1039,1052 ----
      if len(spec) == 1 and spec[0] == '*':
          return 1
  
!     if request.has_key('REMOTE_HOST_X'):
!         host=request['REMOTE_HOST_X']
!     elif request.has_key('REMOTE_HOST'):
          host=request['REMOTE_HOST']
  
!     if request.has_key('REMOTE_ADDR_X'):
!         addr=request['REMOTE_ADDR_X']
!     elif request.has_key('REMOTE_ADDR'):
          addr=request['REMOTE_ADDR']
  
      if not host and not addr:
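
Review bot: in the new host lookup, the elif falls back to REMOTE_HOST whenever REMOTE_HOST_X is absent, even if REMOTE_ADDR_X is set. The HTTPServer.py hunk sets REMOTE_HOST_X only when the address is already in the resolver cache, so a proxied request can end up with addr taken from the forwarded client and host taken from the proxy connection; a host-based domain spec that matches the proxy's hostname would then match every proxied request. Suggest leaving host empty when REMOTE_ADDR_X is present without REMOTE_HOST_X. Because both _X keys are derived from a request header, the domain check is also only as trustworthy as the guarantee that ZServer accepts connections solely from the proxy; that requirement should be documented with this change.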