Lighttpd

{{{
#!rst ==============
mod_extforward ==============

.. contents::

Overview ========

Comman Kang <comman.kang at gmail.com> sent me: ::

Hello jan.

I've made something rough but similar to mod_extract_forwarded for
  Apache.  This module will extract the client's "real" ip from
  X-Forwarded-For header which is added by squid or other proxies. It might be
  useful for servers behind reverse proxy servers.

However, this module is causing segfault with mod_ssl or
  $HTTP{''socket"} directive,  crashing in config_check_cond while patching
  connection ,  I do not understand architecture of the lighttpd well, does it
  need to call patch_connection in either handle_request_done and
  connection_reset ?

Lionel Elie Mamane <lionel@mamane.lu> improved the patch: ::

I've taken lighttpd-1.4.10-mod_extforward.c from the wiki and I've
  extended it. Here is the result.

Major changes:

- IPv6 support

- Fixed at least one segfault with SERVER['socket']

- Arrange things so that a url.access-deny under scope of a
     HTTP['remoteip'] condition works well :)

I've commented the code in some places, mostly where I wasn't sure
  what was going on, or I didn't see what the original author meant to
  do.

Installation ============

You need a current source-tree of lighttpd 1.4.13 and have to apply the patch: ::

$ gzip -cd lighttpd-1.4.13.tar.gz 
  $ cd lighttpd-1.4.13
  $ patch -ls -p1 -i ../lighttpd-1.4.11-mod-ext-forward-v2.path
  $ autoreconf
  $ ./configure ...
  $ make 
  $ sudo make install

}}}

here's my updated patch which applies to 1.4.13 tarball -glen
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/lighttpd-mod_extforward-v2.patch