diff options
author | Luca Toscano <elukey@apache.org> | 2016-12-30 19:20:04 +0100 |
---|---|---|
committer | Luca Toscano <elukey@apache.org> | 2016-12-30 19:20:04 +0100 |
commit | 687df1469f7f4eb21a58dcaeb9bf040870060e9b (patch) | |
tree | af6cc4d593ea446394212131646b5004f3fafb6d /docs/manual/mod | |
parent | Reviewed, and built the HTML. (diff) | |
download | apache2-687df1469f7f4eb21a58dcaeb9bf040870060e9b.tar.xz apache2-687df1469f7f4eb21a58dcaeb9bf040870060e9b.zip |
Documentation rebuild for mod_remoteip
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1776616 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual/mod')
-rw-r--r-- | docs/manual/mod/mod_remoteip.html.en | 71 | ||||
-rw-r--r-- | docs/manual/mod/mod_remoteip.xml.fr | 2 | ||||
-rw-r--r-- | docs/manual/mod/mod_remoteip.xml.meta | 2 |
3 files changed, 73 insertions, 2 deletions
diff --git a/docs/manual/mod/mod_remoteip.html.en b/docs/manual/mod/mod_remoteip.html.en index 43388ccc83..7da43c0090 100644 --- a/docs/manual/mod/mod_remoteip.html.en +++ b/docs/manual/mod/mod_remoteip.html.en @@ -47,6 +47,12 @@ via the request headers. with the useragent IP address reported in the request header configured with the <code class="directive"><a href="#remoteipheader">RemoteIPHeader</a></code> directive.</p> + <p>Additionally, this module implements the server side of + HAProxy's + <a href="http://blog.haproxy.com/haproxy/proxy-protocol/">Proxy Protocol</a> when + using the <code class="directive"><a href="#remoteipproxyprotocolenable">RemoteIPProxyProtocolEnable</a></code> + directive.</p> + <p>Once replaced as instructed, this overridden useragent IP address is then used for the <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> <code class="directive"><a href="../mod/mod_authz_core.html#require">Require ip</a></code> @@ -69,6 +75,7 @@ via the request headers. <li><img alt="" src="../images/down.gif" /> <a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxiesheader">RemoteIPProxiesHeader</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li> </ul> @@ -77,6 +84,7 @@ via the request headers. <li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li> <li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li> <li><code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code></li> +<li><a href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt">Proxy Protocol Spec</a></li> <li><a href="#comments_section">Comments</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> @@ -219,6 +227,69 @@ RemoteIPProxiesHeader X-Forwarded-By</pre> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="RemoteIPProxyProtocol" id="RemoteIPProxyProtocol">RemoteIPProxyProtocol</a> <a name="remoteipproxyprotocol" id="remoteipproxyprotocol">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable, optionally enable or disable the proxy protocol handling</td></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyProtocol On|Optional|Off</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr> +</table> + <p>The <code class="directive">RemoteIPProxyProtocolEnable</code> enables or + disables the reading and handling of the proxy protocol connection header. + If enabled with the <code>On</code> flag, the upstream client <em>must</em> + send the header every time it opens a connection or the connection will + be aborted. If enabled with the <code>Optional</code> flag, the upstream + client <em>may</em> send the header.</p> + + <p>While this directive may be specified in any virtual host, it is + important to understand that because the proxy protocol is connection + based and protocol agnostic, the enabling and disabling is actually based + on ip-address and port. This means that if you have multiple name-based + virtual hosts for the same host and port, and you enable it any one of + them, then it is enabled for all them (with that host and port). It also + means that if you attempt to enable the proxy protocol in one and disable + in the other, that won't work; in such a case the last one wins and a + notice will be logged indicating which setting was being overridden.</p> + + <div class="note">When multiple virtual hosts on the same IP and port are + configured with a combination of <code>On</code> and <code>Optional</code> + flags, connections will not be aborted if the header is not sent. + Instead, enforcement will happen after the request is read so virtual + hosts configured with <code>On</code> will return a 400 Bad Request. + Virtual hosts configured with <code>Optional</code> will continue as + usual but without replacing the client IP information</div> + + <pre class="prettyprint lang-config">Listen 80 +<VirtualHost *:80> + ServerName www.example.com + RemoteIPProxyProtocolEnable Optional + + #Requests to this virtual host may optionally not have + # a proxy protocol header provided +</VirtualHost> + +<VirtualHost *:80> + ServerName www.example.com + RemoteIPProxyProtocolEnable On + + #Requests to this virtual host must have a proxy protocol + # header provided. If it is missing, a 400 will result +</VirtualHost> + +Listen 8080 +<VirtualHost *:8080> + ServerName www.example.com + RemoteIPProxyProtocolEnable On + + #Requests to this virtual host must have a proxy protocol + # header provided. If it is missing, the connection will + # be aborted +</VirtualHost></pre> + + +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="RemoteIPTrustedProxy" id="RemoteIPTrustedProxy">RemoteIPTrustedProxy</a> <a name="remoteiptrustedproxy" id="remoteiptrustedproxy">Directive</a></h2> <table class="directive"> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Restrict client IP addresses trusted to present the RemoteIPHeader value</td></tr> diff --git a/docs/manual/mod/mod_remoteip.xml.fr b/docs/manual/mod/mod_remoteip.xml.fr index 91ec2990f3..6655e17feb 100644 --- a/docs/manual/mod/mod_remoteip.xml.fr +++ b/docs/manual/mod/mod_remoteip.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision: 1704683 --> +<!-- English Revision: 1704683:1776578 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_remoteip.xml.meta b/docs/manual/mod/mod_remoteip.xml.meta index 1a7c78a9f1..771852e80c 100644 --- a/docs/manual/mod/mod_remoteip.xml.meta +++ b/docs/manual/mod/mod_remoteip.xml.meta @@ -8,6 +8,6 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> </variants> </metafile> |