Lighttpd

Do you think this is still an issue in lighttpd git master? CGI gets REMOTE_ADDR from con->dst_addr_buf, which will be "" for AF_UNIX with current behavior of inet_ntop_cache_get_ip(). Maybe sun_path should be returned for AF_UNIX (as you first suggested), since con->dst_addr_buf is used in many places, not just for the CGI environment. (As an aside, there is a bug if the OS is so old that inet_ntop() is not available to lighttpd.)

Regarding the language in RFC3875, if you are using lighttpd with AF_UNIX sockets, and you need a valid REMOTE_ADDR, you are probably proxying, and so you can use mod_extforward to have lighttpd update con->dst_addr_buf to the actual remote address, leading to an IP address in REMOTE_ADDR for your CGI.

--- a/src/inet_ntop_cache.c
+++ b/src/inet_ntop_cache.c
@@ -474,6 +474,9 @@ const char * inet_ntop_cache_get_ip(server *srv, sock_addr *addr) {

        int i;
        UNUSED(srv);
+      #ifdef HAVE_SYS_UN_H
+       if (addr->plain.sa_family == AF_UNIX) return addr->un.sun_path;
+      #endif
        for (i = 0; i < INET_NTOP_CACHE_MAX; i++) {
                if (inet_ntop_cache[i].family == addr->plain.sa_family) {
                        if (inet_ntop_cache[i].family == AF_INET6 &&
@@ -515,6 +518,9 @@ const char * inet_ntop_cache_get_ip(server *srv, sock_addr *addr) {
        return inet_ntop_cache[i].b2;
 #else
        UNUSED(srv);
+      #ifdef HAVE_SYS_UN_H
+       if (addr->plain.sa_family == AF_UNIX) return addr->un.sun_path;
+      #endif
        return inet_ntoa(addr->ipv4.sin_addr);
 #endif
 }

gstrauss wrote:

Do you think this is still an issue in lighttpd git master? CGI gets REMOTE_ADDR from con->dst_addr_buf, which will be "" for AF_UNIX with current behavior of inet_ntop_cache_get_ip().

That would work fine for our purposes. We just need a way to identify a request that was forwarded from our proxy.

Maybe sun_path should be returned for AF_UNIX (as you first suggested), since con->dst_addr_buf is used in many places, not just for the CGI environment.

I tried that but sun_path doesn't (usually) have a valid path so you get garbage there.

Regarding the language in RFC3875, if you are using lighttpd with AF_UNIX sockets, and you need a valid REMOTE_ADDR, you are probably proxying, and so you can use mod_extforward to have lighttpd update con->dst_addr_buf to the actual remote address, leading to an IP address in REMOTE_ADDR for your CGI.

In our case, we just need to know whether the request come from our proxy (running on the same machine) or directly via LAN/WAN. We don't care about the IP address of where the request originated.

I tried that but sun_path doesn't (usually) have a valid path so you get garbage there.

What operating system? With the patch above, con->dst_addr_buf should contain the value obtained from the (sockaddr *) filled in by accept() or accept4() or paccept(), as long as you're testing with lighttpd git master.

In our case, we just need to know whether the request come from our proxy (running on the same machine) or directly via LAN/WAN. We don't care about the IP address of where the request originated.

For this specific need, you can use mod_setenv to set an environment variable of your choosing within the $SERVER["socket"] condition in your lighttpd config.

gstrauss wrote:

In our case, we just need to know whether the request come from our proxy (running on the same machine) or directly via LAN/WAN. We don't care about the IP address of where the request originated.

For this specific need, you can use mod_setenv to set an environment variable of your choosing within the $SERVER["socket"] condition in your lighttpd config.

Oh, I wasn't aware of that possibility. It seems to work great and is probably a more reliably solution as well. Thanks for the suggestion!