'X-Forwarded-For:' HTTP header, if present.
$Id$
+Sun Nov 13 23:08:58 EST 2005 ajc
+* Added an '-f' command line option to allow WebCit to follow the
+ 'X-Forwarded-For:' HTTP header, if present.
* Added missing HTTP headers for /listsub
-
* Discovered the style -moz-user-select:none and applied it to the mailbox
summary table, to prevent text select from ruining the appearance of our
beautiful drag and drop function.
-
* Strip prepended '/webcit' in requested url's. This may allow us to handle
incoming proxy requests from a front end web server.
* Don't require a session cookie for static content.
the "webserver" program:
webserver [-i ip_addr] [-p http_port] [-s] [-t tracefile]
- [-c] [remotehost [remoteport]]
+ [-c] [-f] [remotehost [remoteport]]
*or*
webserver [-i ip_addr] [-p http_port] [-s] [-t tracefile]
- [-c] uds /your/citadel/directory
+ [-c] [-f] uds /your/citadel/directory
Explained:
-> The "-s" option causes WebCit to present an HTTPS (SSL-encrypted) web
service. If you want to do both HTTP and HTTPS, you can simply run two
instances of WebCit on two different ports.
+
+ -> The "-f" option tells WebCit that it is allowed to follow the
+ "X-Forwarded-For:" HTTP headers which may be added if your WebCit service
+ is sitting behind a front end proxy. This will allow users in your "Who
+ is online?" list to appear as connecting from their actual host address
+ instead of the address of the proxy.
-> remotehost: the name or IP address of the host on which your Citadel
server is running. The default is "localhost".
char *content = NULL;
char *content_end = NULL;
struct httprequest *hptr;
- char browser_host[SIZ];
- char user_agent[SIZ];
+ char browser_host[256];
+ char user_agent[256];
int body_start = 0;
int is_static = 0;
safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string);
safestrncpy(c_httpauth_user, DEFAULT_HTTPAUTH_USER, sizeof c_httpauth_user);
safestrncpy(c_httpauth_pass, DEFAULT_HTTPAUTH_PASS, sizeof c_httpauth_pass);
+ strcpy(browser_host, "");
WC->upload_length = 0;
WC->upload = NULL;
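Review bot: Shrinking `browser_host` and `user_agent` from `SIZ` to 256 bytes is only safe if every writer respects the new size, and the calls visible on this page, `locate_host(browser_host, WC->http_sock)` and `get_serv_info(browser_host, user_agent)`, pass no length. Their bodies and the code that fills `user_agent` are outside these hunks, so confirm that none of them still assumes a `SIZ`-sized destination; passing `sizeof browser_host` through would make the bound explicit. The added `strcpy(browser_host, "");` is harmless, but `browser_host[0] = '\0';` does the same without an unbounded-copy call next to the `safestrncpy` lines above it.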
else if (!strncasecmp(buf, "Host: ", 6)) {
safestrncpy(WC->http_host, &buf[6], sizeof WC->http_host);
}
+ else if (!strncasecmp(buf, "X-Forwarded-For: ", 17)) {
+ safestrncpy(browser_host, &buf[17], sizeof browser_host);
+ while (num_tokens(browser_host, ',') > 1) {
+ remove_token(browser_host, 0, ',');
+ }
+ striplt(browser_host);
+ }
/* Only WAP gateways explicitly name this content-type */
else if (strstr(buf, "text/vnd.wap.wml")) {
WC->is_wap = 1;
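Review bot: The `X-Forwarded-For:` branch copies the header into `browser_host` on every request, whether or not `-f` was given, and nothing here checks that the request actually came from the front-end proxy. With `-f` set and the WebCit port reachable directly, the header is entirely client-supplied, so the host shown in "Who is online?" is whatever text the client sends. Gate the parse on the flag, `else if (follow_xff && !strncasecmp(buf, "X-Forwarded-For: ", 17)) {`, and document the token loop, which appears to keep only the last comma-separated entry: `/* keep the last entry, the one appended by the proxy nearest to us; earlier entries are client-controlled */`. The README text for `-f` should also say the option belongs only on an instance bound with `-i` to an address that only the proxy can reach. The enclosing function starts and ends outside this hunk.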
else {
WC->connected = 1;
serv_getln(buf, sizeof buf); /* get the server welcome message */
- locate_host(browser_host, WC->http_sock);
+
+ /* From what host is our user connecting? Go with
+ * the host at the other end of the HTTP socket,
+ * unless we are following X-Forwarded-For: headers
+ * and such a header has already turned up something.
+ */
+ if ( (!follow_xff) || (strlen(browser_host) == 0) ) {
+ locate_host(browser_host, WC->http_sock);
+ }
+
get_serv_info(browser_host, user_agent);
if (serv_info.serv_rev_level < MINIMUM_CIT_VERSION) {
wprintf(_("You are connected to a Citadel "
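Review bot: When `follow_xff` is set, any non-empty `browser_host` skips `locate_host()`, so an unvalidated header value of up to 255 bytes goes straight into `get_serv_info()` and the address of the socket peer is never looked up. Check that the value parses as an address (for example with `inet_pton()`) and fall back to `locate_host(browser_host, WC->http_sock);` when it does not. Logging the real peer next to the forwarded value would keep an audit trail for the cases where the header is wrong or forged. The enclosing function starts and ends outside this hunk.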
extern int setup_wizard;
extern char wizard_filename[];
extern time_t if_modified_since;
+extern int follow_xff;
void do_setup_wizard(void);
void stuff_to_cookie(char *cookie, int session,
int verbosity = 9; /* Logging level */
int msock; /* master listening socket */
int is_https = 0; /* Nonzero if I am an HTTPS service */
+int follow_xff = 0; /* Follow X-Forwarded-For: header */
extern void *context_loop(int);
extern void *housekeeping_loop(void);
extern pthread_mutex_t SessionListMutex;
/* Parse command line */
#ifdef HAVE_OPENSSL
- while ((a = getopt(argc, argv, "h:i:p:t:x:cs")) != EOF)
+ while ((a = getopt(argc, argv, "h:i:p:t:x:cfs")) != EOF)
#else
- while ((a = getopt(argc, argv, "h:i:p:t:x:c")) != EOF)
+ while ((a = getopt(argc, argv, "h:i:p:t:x:cf")) != EOF)
#endif
switch (a) {
case 'h':
case 'x':
verbosity = atoi(optarg);
break;
+ case 'f':
+ follow_xff = 1;
+ break;
case 'c':
server_cookie = malloc(256);
if (server_cookie != NULL) {
default:
fprintf(stderr, "usage: webserver "
"[-i ip_addr] [-p http_port] "
- "[-t tracefile] [-c] "
+ "[-t tracefile] [-c] [-f] "
#ifdef HAVE_OPENSSL
"[-s] "
#endif