Feature #855
closed
TCP wrappers not working with lighttpd
Description
Hi,
it seems lighttpd currently doesn't have support for TCP wrappers. I know that the ip restriction can be done using the mod_access module, but it'd be great to have support for TCP wrappers. It's a good way to have an in general restriction on services in Linux, so it makes work a little easier and changing things in one place leads to changes for the whole system. It should be like enable / disable option, so if someone doesn't want to use it, they can always do it with mod_access.
thanks
Saurabh
Files
Updated by Anonymous about 17 years ago
Updated by wschaub about 13 years ago
- File mod_tcpwrapper.tgz added
I have created a lighttpd module that adds tcp wrapper support to lighttpd (I only tested it against 1.4.x, however). I'm attaching my work; I hope it's useful to someone.
Updated by gstrauss over 8 years ago
- Description updated (diff)
- Category changed from core to 3rd party
- Assignee deleted (jan)
- Target version deleted (1.5.0)
Updated by gstrauss about 8 years ago
- File mod_tcpwrapper.c added
- Status changed from New to Missing Feedback
@wschaub: thank you for the patches.
As you mentioned, your patches might be useful to some, so I linked to it from Docs_UserWrittenMods.
However, some adjustments need to be made before it can be considered for inclusion in lighttpd. Among other things, there needs to be others requesting this functionality and there needs to be some config params to enable/disable the modules, as well as potentially to allow RQ_USER to be specified.
The core of the patch can be simplified to

```c
#include <tcpd.h>

/* ... */

URIHANDLER_FUNC(mod_tcpwrapper_uri_handler) {
    struct request_info tcpreq;

    UNUSED(srv);
    UNUSED(p_d);

    if (con->mode != DIRECT) return HANDLER_GO_ON;

    request_init(&tcpreq,
                 RQ_DAEMON, "lighttpd",
                 RQ_FILE, con->fd,
                 RQ_CLIENT_SIN, &con->dst_addr,
                 RQ_CLIENT_ADDR, con->dst_addr_buf->ptr,
                 0);
    fromhost(&tcpreq);

    if (!hosts_access(&tcpreq)) {
        /* access blocked by tcp wrappers */
        con->http_status = 403;
        return HANDLER_FINISHED;
    }

    /* access allowed */
    return HANDLER_GO_ON;
}
```
I have attached an updated mod_tcpwrappers.c which is simplified and which builds with lighttpd 1.4.42. Those reading this might still wish to look at the other files in mod_tcpwrapper.tgz for directions to build mod_tcpwrappers.
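Added illustration for readers deploying the module (not part of the ticket or of anyone's patch): a simplified C model of the hosts_access(5) decision order that applies to the daemon name `lighttpd` passed to `request_init()` above, showing that a request matching no rule is allowed. It does not call libwrap; the function names, rule tables and addresses are constructed for the example, and only `ALL`, exact and trailing-dot prefix patterns are modelled.

```c
/* Simplified model of the hosts_access(5) decision order. Not libwrap code;
 * all names, rules and addresses here are constructed for illustration. */
#include <stdio.h>
#include <string.h>

struct rule { const char *daemon; const char *client; };

/* Patterns modelled: "ALL", exact string, or address prefix ending in '.' */
static int pat_match(const char *pat, const char *s) {
    size_t n = strlen(pat);
    if (strcmp(pat, "ALL") == 0) return 1;
    if (n > 0 && pat[n - 1] == '.') return strncmp(pat, s, n) == 0;
    return strcmp(pat, s) == 0;
}

/* The first matching rule in a table ends the search. */
static int table_match(const struct rule *t, size_t n,
                       const char *daemon, const char *client) {
    for (size_t i = 0; i < n; i++)
        if (pat_match(t[i].daemon, daemon) && pat_match(t[i].client, client))
            return 1;
    return 0;
}

/* 1 = allowed, 0 = denied: hosts.allow first, then hosts.deny, else allow. */
int model_hosts_access(const struct rule *allow, size_t na,
                       const struct rule *deny, size_t nd,
                       const char *daemon, const char *client) {
    if (table_match(allow, na, daemon, client)) return 1;
    if (table_match(deny, nd, daemon, client)) return 0;
    return 1; /* no rule matched in either table: access is granted */
}

/* Constructed hosts.allow: "lighttpd: 192.0.2." */
static const struct rule allow_tab[] = { { "lighttpd", "192.0.2." } };
/* Constructed hosts.deny: "lighttpd: ALL" (default deny for this daemon) */
static const struct rule deny_tab[] = { { "lighttpd", "ALL" } };
/* Constructed hosts.deny that never names lighttpd: "sshd: ALL" */
static const struct rule deny_other[] = { { "sshd", "ALL" } };

/* 403 when the handler would block, 0 when it would return HANDLER_GO_ON. */
int status_for(const struct rule *deny, size_t nd, const char *client) {
    return model_hosts_access(allow_tab, 1, deny, nd, "lighttpd", client)
               ? 0 : 403;
}

int main(void) {
    printf("%d\n", status_for(deny_tab, 1, "192.0.2.10"));     /* allowed */
    printf("%d\n", status_for(deny_tab, 1, "198.51.100.7"));   /* blocked */
    printf("%d\n", status_for(deny_other, 1, "198.51.100.7")); /* allowed */
    return 0;
}
```

On a real system the same check can be made against the installed rule files with `tcpdmatch lighttpd <address>`.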