Feature #855

TCP wrappers not working with lighttpd

Added by Anonymous almost 13 years ago. Updated almost 3 years ago.

Status: Missing Feedback
Priority: Normal
Assignee: -
Category: 3rd party
Target version: -
% Done: 0%

Description

Hi,

it seems lighttpd currently doesn't have support for TCP wrappers. I know that the IP restriction can be done using the mod_access module, but it'd be great to have support for TCP wrappers. It's a good way to have a general restriction on services in Linux, so it makes work a little easier, and changing things in one place leads to changes for the whole system. It should be like an enable/disable option, so if someone doesn't want to use it, they can always do it with mod_access.

thanks
Saurabh

mod_tcpwrapper.tgz (24.7 KB), wschaub, 2011-09-05 02:52
mod_tcpwrapper.c (1.61 KB), gstrauss, 2016-10-21 09:58

History

#1

Updated by Anonymous almost 12 years ago

Replying to anonymous:

Hi,

it seems lighttpd currently doesn't have support for TCP wrappers. I know that the IP restriction can be done using the mod_access module, but it'd be great to have support for TCP wrappers. It's a good way to have a general restriction on services in Linux, so it makes work a little easier, and changing things in one place leads to changes for the whole system. It should be like an enable/disable option, so if someone doesn't want to use it, they can always do it with mod_access.

thanks
Saurabh

#2

Updated by wschaub about 8 years ago

I have created a lighttpd module that adds TCP wrapper support to lighttpd (I only tested it against 1.4.x, however). I'm attaching my work; I hope it's useful to someone.

#3

Updated by gstrauss about 3 years ago

  • Description updated (diff)
  • Category changed from core to 3rd party
  • Assignee deleted (jan)
  • Target version deleted (1.5.0)
#4

Updated by gstrauss almost 3 years ago

wschaub: thank you for the patches.

As you mentioned, your patches might be useful to some, so I linked to them from Docs_UserWrittenMods.

However, some adjustments need to be made before it can be considered for inclusion in lighttpd. Among other things, there need to be others requesting this functionality, and there need to be some config params to enable/disable the modules, as well as potentially to allow RQ_USER to be specified.

The core of the patch can be simplified to

#include <tcpd.h>
/* ... */
URIHANDLER_FUNC(mod_tcpwrapper_uri_handler) {
        struct request_info tcpreq;

        UNUSED(srv);
        UNUSED(p_d);

        if (con->mode != DIRECT) return HANDLER_GO_ON;

        request_init(&tcpreq,
                     RQ_DAEMON,      "lighttpd",
                     RQ_FILE,        con->fd,
                     RQ_CLIENT_SIN,  &con->dst_addr, 
                     RQ_CLIENT_ADDR, con->dst_addr_buf->ptr, 0);
        fromhost(&tcpreq);
        if (!hosts_access(&tcpreq)) {
                /* access blocked by tcp wrappers */
                con->http_status = 403;
                return HANDLER_FINISHED;
        }

        /* access allowed */
        return HANDLER_GO_ON;
}

I have attached an updated mod_tcpwrappers.c which is simplified and which builds with lighttpd 1.4.42. Those reading this might still wish to look at the other files in mod_tcpwrapper.tgz for directions to build mod_tcpwrappers.
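
The handler quoted in comment #4 returns 403 only when hosts_access() refuses the request for the daemon name given as RQ_DAEMON ("lighttpd"). The following is an added example, not code from this ticket or from libwrap: a simplified model of the documented hosts.allow/hosts.deny evaluation order, showing that a client matching no rule is allowed. The helper `wrap_decide()` and the rule text are constructed for illustration.

```c
/* Added example: simplified model of the hosts_access(5) decision order.
 * Not libwrap code. Handles only "daemon: pattern" lines where pattern is
 * ALL, an exact address, or an address prefix ending in ".". */
#include <stdio.h>
#include <string.h>

/* Return 1 if any rule line matches this (daemon, client address) pair. */
static int rules_match(const char *rules, const char *daemon, const char *ip) {
    for (const char *p = rules; *p; ) {
        char line[160], d[64], c[64];
        size_t len = strcspn(p, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, p);
        p += len + (p[len] == '\n');
        if (line[0] == '#' || sscanf(line, " %63[^: ] : %63s", d, c) != 2)
            continue;                       /* comment, blank or unparsed */
        if (strcmp(d, "ALL") != 0 && strcmp(d, daemon) != 0)
            continue;                       /* rule is for another daemon */
        size_t n = strlen(c);
        if (strcmp(c, "ALL") == 0) return 1;
        if (c[n - 1] == '.' ? strncmp(ip, c, n) == 0 : strcmp(ip, c) == 0)
            return 1;
    }
    return 0;
}

/* 1 = allowed, 0 = denied. Allow rules win, then deny rules, else allow. */
int wrap_decide(const char *allow, const char *deny,
                const char *daemon, const char *ip) {
    if (rules_match(allow, daemon, ip)) return 1;
    if (rules_match(deny, daemon, ip)) return 0;
    return 1;   /* nothing matched in either file: access is granted */
}

/* Constructed rule text; addresses are from documentation ranges. */
static const char ALLOW[] = "# hosts.allow\nlighttpd: 192.0.2.\n";
static const char DENY[] = "# hosts.deny\nlighttpd: ALL\n";
static const char DENY_SSHD_ONLY[] = "sshd: ALL\n";

int main(void) {
    printf("allowed net, default deny: %d\n",
           wrap_decide(ALLOW, DENY, "lighttpd", "192.0.2.10"));
    printf("other net, default deny:   %d\n",
           wrap_decide(ALLOW, DENY, "lighttpd", "198.51.100.7"));
    printf("other net, no lighttpd deny rule: %d\n",
           wrap_decide(ALLOW, DENY_SSHD_ONLY, "lighttpd", "198.51.100.7"));
    return 0;
}
```

A hosts.deny with no entry for the daemon name passed in RQ_DAEMON leaves the service open to every client, so the allow list only restricts access when a matching deny entry (for lighttpd or ALL) exists.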
