https://redmine.lighttpd.net/https://redmine.lighttpd.net/favicon.ico?13667327412007-11-04T00:36:25Zlighty labsLighttpd - Feature #855: TCP wrappers not working with lighttpdhttps://redmine.lighttpd.net/issues/855?journal_id=19442007-11-04T00:36:25ZAnonymous
<ul></ul><p>Replying to <a class="wiki-page new" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Ticket855">anonymous</a>:</p>
<blockquote>
<p>Hi,</p>
<p>it seems lighttpd currently doesn't have support for TCP wrappers. I know that the ip restriction can be done using the mod_access module, but it'd be great to have support for TCP wrappers. It's a good way to have an in general restriction on services in linux, so it makes work a little easier and changing things in one place leads to changes for the whole system. It should be like enable / disable option, so if som1 doesn't want to use it, they can always do it with mod_access.</p>
<p>thanks<br />Saurabh</p>
</blockquote> Lighttpd - Feature #855: TCP wrappers not working with lighttpdhttps://redmine.lighttpd.net/issues/855?journal_id=75832011-09-05T02:52:20Zwschaub
<ul><li><strong>File</strong> <a href="/attachments/1297">mod_tcpwrapper.tgz</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/1297/mod_tcpwrapper.tgz">mod_tcpwrapper.tgz</a> added</li></ul><p>I have created a lighttpd module that adds tcp wrapper support to lighttpd (i only tested it against 1.4.x however.) I'm attaching my work I hope it's useful to someone.</p> Lighttpd - Feature #855: TCP wrappers not working with lighttpdhttps://redmine.lighttpd.net/issues/855?journal_id=99962016-07-07T13:08:20Zgstrauss
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/9996/diff?detail_id=8396">diff</a>)</li><li><strong>Category</strong> changed from <i>core</i> to <i>3rd party</i></li><li><strong>Assignee</strong> deleted (<del><i>jan</i></del>)</li><li><strong>Target version</strong> deleted (<del><i>1.5.0</i></del>)</li></ul> Lighttpd - Feature #855: TCP wrappers not working with lighttpdhttps://redmine.lighttpd.net/issues/855?journal_id=105952016-10-21T09:59:39Zgstrauss
<ul><li><strong>File</strong> <a href="/attachments/1726">mod_tcpwrapper.c</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/1726/mod_tcpwrapper.c">mod_tcpwrapper.c</a> added</li><li><strong>Status</strong> changed from <i>New</i> to <i>Missing Feedback</i></li></ul><p><a class="user active user-mention" href="https://redmine.lighttpd.net/users/8078">@wschaub</a>: thank you for the patches.</p>
<p>As you mentioned, your patches might be useful to some, so I linked to it from <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_UserWrittenMods">Docs_UserWrittenMods</a>.</p>
<p>However, some adjustments need to be made before it can be considered for inclusion in lighttpd. Among other things, there needs to be others requesting this functionality and there needs to be some config params to enable/disable the modules, as well as potentially to allow RQ_USER to be specified.</p>
<p>The core of the patch can be simplified to<br /><pre>
#include <tcpd.h>
/* ... */
URIHANDLER_FUNC(mod_tcpwrapper_uri_handler) {
struct request_info tcpreq;
UNUSED(srv);
UNUSED(p_d);
if (con->mode != DIRECT) return HANDLER_GO_ON;
request_init(&tcpreq,
RQ_DAEMON, "lighttpd",
RQ_FILE, con->fd,
RQ_CLIENT_SIN, &con->dst_addr,
RQ_CLIENT_ADDR, con->dst_addr_buf->ptr, 0);
fromhost(&tcpreq);
if (!hosts_access(&tcpreq)) {
/* access blocked by tcp wrappers */
con->http_status = 403;
return HANDLER_FINISHED;
}
/* access allowed */
return HANDLER_GO_ON;
}
</pre></p>
<p>I have attached an updated mod_tcpwrappers.c which is simplified and which builds with lighttpd 1.4.42. Those reading this might still wish to look at the other files in mod_tcpwrapper.tgz for directions to build mod_tcpwrappers.</p>