/usr/share/perl5/Perlbal/Plugin/XFFExtras.pm is in libperlbal-perl 1.80-3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 | package Perlbal::Plugin::XFFExtras;
use strict;
use warnings;
use Danga::Socket 1.53; # Need newer Danga::Socket than perlbal to have local_port
use Perlbal 1.74; # is_ssl support was added in 1.74
use Perlbal::BackendHTTP ();
use Perlbal::Service ();
sub load {
Perlbal::Service::add_tunable(
send_backend_port => {
check_role => 'reverse_proxy',
des => "Send an X-Forwarded-Port header to backends to indicate the peer's remote address",
check_type => 'bool',
default => 0,
}
);
Perlbal::Service::add_tunable(
send_backend_proto => {
check_role => 'reverse_proxy',
des => "Send an X-Forwarded-Proto header to backends to indicate the peers connecting protocol",
check_type => 'bool',
default => 0,
}
);
}
# magical Perlbal hook return value constants
use constant HANDLE_REQUEST => 0;
use constant IGNORE_REQUEST => 1;
sub register {
my ($class, $svc) = @_;
my $cfg = $svc->{extra_config} ||= {};
$svc->register_hook(XFFExtras => backend_client_assigned => sub {
my Perlbal::BackendHTTP $be = shift;
my $hds = $be->{req_headers};
my $client = $be->{client};
my $client_ip = $client->peer_ip_string;
my $trusted = $svc->trusted_ip($client_ip);
my $blind = $svc->{blind_proxy};
if (($trusted && !$blind) || !$trusted) {
if ($cfg->{send_backend_port}) {
# Danga::Socket has no accessor for the peer_port, so we break object
# boundaries for now to implement this. Force to integer because D::S
# also likes to store string error messages in this field too.
$client->local_ip_string;
my $local_port = $client->{local_port} + 0;
$hds->header("X-Forwarded-Port", $local_port);
}
if ($cfg->{send_backend_proto}) {
my $proto = $client->{is_ssl} ? 'https' : 'http';
$hds->header("X-Forwarded-Proto", $proto);
}
}
return HANDLE_REQUEST;
});
}
1;
__END__
=head1 NAME
Perlbal::Plugin::XFFExtras - Perlbal plugin that can optionally add an
X-Forwarded-Port and/or X-Forwarded-Proto header to reverse proxied requests.
=head1 SYNOPSIS
# in perlbal.conf
LOAD XFFExtra
CREATE POOL web
POOL web ADD 10.0.0.1:80
CREATE SERVICE proxy
SET role = reverse_proxy
SET listen = 0.0.0.0:80
SET pool = web
SET plugins = XFFExtras
SET send_backend_port = yes
SET send_backend_proto = yes
ENABLE proxy
=head1 DESCRIPTION
This plugin adds optional headers to be sent to backend servers in reverse proxy mode.
=head1 HEADERS
=over 4
=item * B<X-Forwarded-Port>
This header will contain an integer value indicating the port that the peer connected to.
This will correspond to the port number specified on the listen line of the perlbal service
that initially handled the connection.
=item * B<X-Forwarded-Proto>
This header will contain a string indicating the protocol the client connected to perlbal
via. Currently this will be either 'http' or 'https'.
=back
=head1 AUTHOR
Jonathan Steinert, E<lt>hachi@kuiki.netE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2012 by Say Media Inc, E<lt>cpan@saymedia.comE<gt>
This library is free software; you can redistribute it and/or modify it under
the same terms as Perl itself, either Perl version 5.8.6 or, at your option,
any later version of Perl 5 you may have available.
=cut
|