Feature #855

closed

TCP wrappers not working with lighttpd

Added by Anonymous over 18 years ago. Updated over 8 years ago.

Status: Missing Feedback
Priority: Normal
Category: 3rd party
Target version: -

Description

Hi,

it seems lighttpd currently doesn't have support for TCP wrappers. I know that the IP restriction can be done using the mod_access module, but it'd be great to have support for TCP wrappers. It's a good way to have a general restriction on services in Linux, so it makes work a little easier, and changing things in one place leads to changes for the whole system. It should be like an enable/disable option, so if someone doesn't want to use it, they can always do it with mod_access.

thanks
Saurabh


Files

mod_tcpwrapper.tgz (24.7 KB), wschaub, 2011-09-05 02:52
mod_tcpwrapper.c (1.61 KB), gstrauss, 2016-10-21 09:58

Actions #1

Updated by Anonymous about 17 years ago


Actions #2

Updated by wschaub over 13 years ago

I have created a lighttpd module that adds TCP wrapper support to lighttpd (I only tested it against 1.4.x, however). I'm attaching my work; I hope it's useful to someone.

Actions #3

Updated by gstrauss over 8 years ago

  • Description updated (diff)
  • Category changed from core to 3rd party
  • Assignee deleted (jan)
  • Target version deleted (1.5.0)

Actions #4

Updated by gstrauss over 8 years ago

@wschaub: thank you for the patches.

As you mentioned, your patches might be useful to some, so I linked to them from Docs_UserWrittenMods.

However, some adjustments need to be made before it can be considered for inclusion in lighttpd. Among other things, there need to be others requesting this functionality and there need to be some config params to enable/disable the modules, as well as potentially to allow RQ_USER to be specified.

The core of the patch can be simplified to

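#include <tcpd.h>
/* ... */
URIHANDLER_FUNC(mod_tcpwrapper_uri_handler) {
        struct request_info tcpreq;

        UNUSED(srv);
        UNUSED(p_d);

        /* skip requests that another module has already taken over */
        if (con->mode != DIRECT) return HANDLER_GO_ON;

        /* describe the connection to libwrap; the key/value list ends with 0 */
        request_init(&tcpreq,
                     RQ_DAEMON,      "lighttpd",
                     RQ_FILE,        con->fd,
                     RQ_CLIENT_SIN,  &con->dst_addr,
                     RQ_CLIENT_ADDR, con->dst_addr_buf->ptr, 0);
        /* fill in the remaining endpoint information from the socket */
        fromhost(&tcpreq);
        /* hosts_access() returns 0 when the access control files deny the client */
        if (!hosts_access(&tcpreq)) {
                /* access blocked by tcp wrappers */
                con->http_status = 403;
                return HANDLER_FINISHED;
        }

        /* access allowed */
        return HANDLER_GO_ON;
}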

I have attached an updated mod_tcpwrappers.c which is simplified and which builds with lighttpd 1.4.42. Those reading this might still wish to look at the other files in mod_tcpwrapper.tgz for directions to build mod_tcpwrappers.
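
The decision order behind the `hosts_access()` call in the snippet above, as an added example that is not part of the original comment, of lighttpd or of libwrap: a simplified C model of the hosts.allow / hosts.deny evaluation described in hosts_access(5). The function name, rule tables and addresses are constructed for illustration; only `ALL`, address prefixes ending in `.` and exact addresses are modeled.

```c
/* Added example: simplified model of hosts_access(5) rule evaluation.
 * Not libwrap and not lighttpd code; the rule tables below are constructed. */
#include <stdio.h>
#include <string.h>

struct rule { const char *daemon; const char *clients; };

/* One client pattern: "ALL", an address prefix ending in '.', or an exact address. */
static int pattern_matches(const char *pat, size_t len, const char *addr) {
    if (len == 3 && strncmp(pat, "ALL", 3) == 0) return 1;
    if (len > 0 && pat[len - 1] == '.') return strncmp(pat, addr, len) == 0;
    return strlen(addr) == len && strncmp(pat, addr, len) == 0;
}

/* Does any rule in the table name this daemon (or ALL) and list this client? */
static int table_matches(const struct rule *t, size_t n, const char *daemon, const char *addr) {
    for (size_t i = 0; i < n; i++) {
        if (strcmp(t[i].daemon, "ALL") != 0 && strcmp(t[i].daemon, daemon) != 0) continue;
        const char *p = t[i].clients;
        while (*p) {
            size_t len = strcspn(p, ", ");   /* next comma/space separated pattern */
            if (len && pattern_matches(p, len, addr)) return 1;
            p += len;
            p += strspn(p, ", ");
        }
    }
    return 0;
}

/* Returns 1 = allow, 0 = deny, the same convention the handler above relies on. */
int model_hosts_access(const struct rule *allow, size_t na,
                       const struct rule *deny, size_t nd,
                       const char *daemon, const char *addr) {
    if (table_matches(allow, na, daemon, addr)) return 1; /* hosts.allow is checked first */
    if (table_matches(deny, nd, daemon, addr)) return 0;  /* then hosts.deny */
    return 1;                                             /* no match in either: allowed */
}

/* Constructed rule sets; "lighttpd" is the RQ_DAEMON name from the snippet above. */
static const struct rule ALLOW[] = { { "lighttpd", "192.0.2., 198.51.100.7" } };
static const struct rule DENY_ALL[] = { { "ALL", "ALL" } };
static const struct rule DENY_SSHD[] = { { "sshd", "ALL" } };

int main(void) {
    printf("%d\n", model_hosts_access(ALLOW, 1, DENY_ALL, 1, "lighttpd", "192.0.2.10"));
    printf("%d\n", model_hosts_access(ALLOW, 1, DENY_ALL, 1, "lighttpd", "203.0.113.5"));
    printf("%d\n", model_hosts_access(ALLOW, 1, DENY_SSHD, 1, "lighttpd", "203.0.113.5"));
    return 0;
}
```

The third case shows why a hosts.deny without a catch-all entry leaves lighttpd reachable: a client matched by neither file is allowed, so the 403 branch in the handler is never taken.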
