yum install httpd-devel -ygit clone https://github.com/matsumoto-r/mod_extract_forwarded_for_2.4.gitcd mod_extract_forwarded_for_2.4apxs -c -i mod_extract_forwarded.c

cat << 'EOS' > /etc/httpd/conf.modules.d/01-extract_forwarded.confLoadModule extract_forwarded_module modules/mod_extract_forwarded.so# MEForder can have either of two value 'refuse,accept' or 'accept,refuse' and# specifies the order in which the information in two associated directives,# MEFaccept and MEFrefuse, are intepreted. The MEFaccept and MEFrefuse# directives are each used to spcifiy one or more IP numbers.MEForder refuse,accept# MEFrefuse can be 'all' OR a list of IP numbers and/or domain names of trusted# proxy servers whose IP number can be derived by DNS from the domain name.# The presence of 'all' overrides any particular IP numbers and means that no# proxy servers are to be trusted. Individual IP numbers mean that those proxy# servers having them are not to be trusted. This defaults to 'all'.MEFrefuse all# MEFaccept can be 'all' OR a list of IP numbers and/or domain names of trusted# proxy servers whose IP number can be derived by DNS from the domain name.# The presence of 'all' overrides any particular IP numbers and means that all# proxy servers are to be trusted.# Individual IP numbers mean that those the proxy servers having them are to be# trusted. This defaults to an empty list of trusted IP numbers.MEFaccept 192.168.###.### # Normal mode of use is to say:## MEForder refuse,accept# MEFrefuse all# MEFaccept <space separated list of your trusted proxy servers' IP numbers>## with the MEForder directive saying apply the MEFrefuse rule first then the# MEFaccept rule.# The MEFrefuse rule says do not trust any proxy servers but this is selectively# overridden for particular IP numbers listed by the MEFaccept directive.# MEFaddenv can be 'off', 'on' (the default) or a string. 'off' means that when# spoofing, do not add an environment variable whose value is the IP number of# the connecting machine. 'on' means that when spoofing, add an environment# variable called 'MEF_RPROXY_ADDR' whose value is the IP number of the# connecting machine.# A string means that when spoofing, add an environment variable named by the# string supplied whose value is the IP number of the connecting machine.MEFaddenv on# MEFdebug can be 'on' or 'off' (the default). When turned 'on' information# about how the mod_extract_forwarded module is processing every request to your# Apache 2 server, and any associated internal redirects or subsrequests, is# written to the server's error_log.# The amount of output written and the way it is generated is such that you# would never normally want to turn this feature on.# This feature is intended for debugging operation of the mod_extract_forwarded# module and it is unlikely you will want to do that.MEFdebug offEOS

systemctl restart httpdsystemctl status httpd

お気軽にどうぞ。トラックバック前にポリシーをお読みください。[policy]

Trackbacks

愛のあるツッコミをお気軽にどうぞ。[policy]
古いエントリについてはコメント制御しているため、即時に反映されないことがあります。