11/16/2012

Installing mod_rpaf to Amazon EC2 behind ELB

1. download mod_rpaf-0.6.tar.gz
2. tar xvfz mod_rpaf-0.6.tar.gz
3. cd mod_rpaf-0.6

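Following the article linked below, I created this patch file. The patch makes mod_rpaf accept the forwarded header from every connecting peer, so it assumes the instance only receives HTTP traffic through the ELB.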
http://tech.superhappykittymeow.com/?p=281

4. vi diff.diff


--- mod_rpaf-2.0.c 2008-01-01 03:05:40.000000000 +0000
+++ mod_rpaf-2.0.c~ 2011-08-25 20:04:39.000000000 +0000
@@ -136,13 +136,25 @@
 }

 static int is_in_array(const char *remote_ip, apr_array_header_t *proxy_ips) {
-    int i;
+   /* int i;
     char **list = (char**)proxy_ips->elts;
     for (i = 0; i < proxy_ips->nelts; i++) {
         if (strcmp(remote_ip, list[i]) == 0)
             return 1;
     }
     return 0;
+    */
+    return 1;
+}
+
+static char* last_not_in_array(apr_array_header_t *forwarded_for,
+          apr_array_header_t *proxy_ips) {
+    int i;
+    for (i = (forwarded_for->nelts)-1; i > 0; i--) {
+ if (!is_in_array(((char **)forwarded_for->elts)[i], proxy_ips))
+     break;
+    }
+    return ((char **)forwarded_for->elts)[i];
 }

 static apr_status_t rpaf_cleanup(void *data) {
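Review bot: With `is_in_array` reduced to `return 1;`, the `!is_in_array(...)` test in `last_not_in_array` can never break out, so the loop always ends at `i == 0` and the function returns the leftmost entry of the forwarded list, which is the part of the header the client wrote rather than the address the load balancer appended. The same stub makes the guard commented out in the `@@ -161,7` hunk moot, so the header is honoured from any peer, and the address assigned in the `@@ -183,7` hunk then feeds logging and any IP-based access rules. I would keep the original `strcmp` loop in `is_in_array` (restore `int i;` and drop the `return 1;`) and keep the `if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) == 1) {` guard, with the load balancer's addresses listed as trusted proxies. If exact-match strings cannot cover the load balancer's addresses, a subnet comparison belongs inside `is_in_array` rather than an unconditional 1.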
@@ -161,7 +173,7 @@
     if (!cfg->enable)
         return DECLINED;

-    if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) == 1) {
+    /* if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) == 1) { */
         /* check if cfg->headername is set and if it is use
            that instead of X-Forwarded-For by default */
         if (cfg->headername && (fwdvalue = apr_table_get(r->headers_in, cfg->headername))) {
@@ -183,7 +195,8 @@
             rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->remote_ip);
             rcr->r = r;
             apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup, apr_pool_cleanup_null);
-            r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]);
+            /* r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]); */
+            r->connection->remote_ip = apr_pstrdup(r->connection->pool, last_not_in_array(arr, cfg->proxy_ips));
             r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip);
             if (cfg->sethostname) {
                 const char *hostvalue;
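Review bot: The new call hands the result of `last_not_in_array(arr, cfg->proxy_ips)` to `apr_pstrdup` with no check that `arr` holds any element; with `arr->nelts == 0` the helper's loop is skipped with `i == -1` and it reads `elts[-1]`. The replaced line made the same assumption, and whether `arr` can be empty depends on the tokenising code above this hunk, which is not visible here. An explicit guard states the contract: `if (forwarded_for->nelts <= 0) return NULL;` at the top of the helper, with the caller leaving `remote_ip` untouched when it gets NULL. The enclosing block starts and ends outside the hunk.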
@@ -201,7 +214,7 @@
             }

         }
-    }
+    /* } */
     return DECLINED;
 }
=======

5. patch < diff.diff
6.  vi Makefile
Edit the fourth line (APXS2) as shown below, then save the file.
=======
# Makefile for mod_rpaf.c (gmake)
# $Id: Makefile 16 2007-12-13 03:40:22Z thomas $
# APXS is resolved by running `which apxs` when make is invoked.
APXS=$(shell which apxs)
# The `which apxs2` lookup is disabled; APXS2 is pinned to an explicit path instead.
# NOTE(review): presumably consumed by the rpaf-2.0 / install-2.0 targets — confirm in the rest of the Makefile.
#APXS2=$(shell which apxs2)
APXS2=/usr/sbin/apxs
=======

7. make rpaf-2.0
8. make install-2.0
9. /usr/sbin/apachectl configtest
10. service httpd restart
11. Check the apache log. :)