Patch to add a new "ProxySourceAddress" directive to specify the source address of outgoing connections from mod_proxy. If not specified, the local end of the socket remains unbound, which typically uses the main IP address of the local machine (OS-dependent). A literal IP address is recommended, although anything supported by apr_sockaddr_info_get(), including a hostname, is accepted.
Created attachment 11770: PatchAvailable (against http-2.1 HEAD, but also applies cleanly to 2.0.49)
I'm not familiar enough with the internals of APR to know if there is a clean way to tidy up the allocated pool memory in the case of a syntax error, though as the server is about to die anyway there's presumably not much point worrying!
The point behind pool memory is that it gets tidied up for you. You just need to select the right pool: some pools only last as long as a request, others for the life of the server child process. Does your patch handle the case when ProxySourceAddress is in a virtualhost container?
Yes, and it should follow the usual preference rules if it's also declared outside a VirtualHost. Would it be worth extending ProxySourceAddress to per-dir context? It's not allowed there at the moment, but presumably it wouldn't be too difficult to add, since mod_proxy already declares the per-dir create and merge hooks, and maintains a per-dir config structure. Actually, is it just a matter of adding ACCESS_CONF or OR_ALL to the flags in proxy_cmds, and letting the core take care of the necessary merging? On pools: I've used server->process->pconf, as bind_addr is only defined once at initial config time and needs to survive across requests - is that an appropriate pool, or is there a better choice?
Created attachment 11796: Equivalent patch against apache-1.3 HEAD
This patch is almost the thing I needed... Could you please give me some ideas as to how to make the "ProxySourceAddress" be dynamically set according to EnvVars etc? Particularly I need to set it to REMOTE_ADDR but I still cannot find how to reference this (or any other connection-specific) parameter from within set_source_address()
Hi, I have a problem with the Port for ProxySourceAddress. The system is AIX 5.2 ML 4. Apache is 2.0.50. My httpd.conf:
    <VirtualHost 223.99.214.38:80>
    ProxySourceAddress 223.99.214.38
    ServerName 223.99.214.38
    ProxyPass /eroom http://223.99.214.12/eroom
    ProxyPassReverse /eroom http://223.99.214.12/eroom
    </VirtualHost>
Sometimes it works, sometimes not. The error_log shows this:
    [Fri Jun 17 11:39:38 2005] [notice] Apache/2.0.50 (Unix) DAV/2 configured -- resuming normal operations
    [Fri Jun 17 11:39:42 2005] [error] proxy: HTTP: attempt to bind to source address 223.99.214.38:52784 failed
    [Fri Jun 17 11:39:42 2005] [error] proxy: HTTP: attempt to bind to source address 223.99.214.38:0 failed
    [Fri Jun 17 11:39:42 2005] [error] proxy: HTTP: attempt to bind to source address 223.99.214.38:52784 failed
Why is the proxy module using Port 0 or 52784? I have no definitions of these ports.
Best regards Torsten
(In reply to comment #1)
> Created an attachment (id=11770)
> PatchAvailable (against http-2.1 HEAD, but also applies cleanly to 2.0.49)
Hello, I'm getting an "Address already in use" message (error_log) while reading further information from the backend web server! As a result of this error, the web page elements are not being loaded (502 Bad Gateway in access_log). The error occurs with Apache 2.0.54 on FreeBSD 5.4 and Solaris 8 systems.
==> error_log <==
    [Mon Aug 01 12:55:12 2005] [debug] proxy_util.c(1161): (48)Address already in use: proxy: HTTP: attempt to connect to 66.249.85.104:80 (www.google.de) failed
    [Mon Aug 01 12:55:12 2005] [debug] proxy_util.c(1150): proxy: HTTP: fam 2 socket created to connect to www.google.de
    [Mon Aug 01 12:55:12 2005] [error] (48)Address already in use: proxy: HTTP: attempt to connect to 66.249.85.99:80 (www.google.de) failed
best regards, sashi
The patch should also set APR_SO_REUSEADDR if it is bind()ing the local end of the socket to avoid that issue - see make_sock in listen.c
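As an added illustration (not part of the thread or of any attached patch), here is the sequence the comment above describes, written with plain POSIX sockets rather than APR: set SO_REUSEADDR, bind the local end to the source address with port 0 so the OS picks the source port, then connect. `connect_from` and `backend_sees_source` are hypothetical names, and the loopback listener is a constructed stand-in for the backend.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: connect to dst from the IPv4 source address src_ip.
 * Returns the connected fd, or -1 if any step fails. */
int connect_from(const char *src_ip, const struct sockaddr_in *dst)
{
    /* sin_port 0: the kernel chooses an ephemeral source port at bind time */
    struct sockaddr_in src = { .sin_family = AF_INET, .sin_port = 0 };
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (inet_pton(AF_INET, src_ip, &src.sin_addr) != 1 ||
        /* set before bind(), as the comment above suggests */
        setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0 ||
        /* fails when src_ip is not an address of this host */
        bind(fd, (struct sockaddr *)&src, sizeof src) < 0 ||
        connect(fd, (const struct sockaddr *)dst, sizeof *dst) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed check: a loopback listener stands in for the backend.
 * Returns 1 if the backend sees src_ip as the peer address, else 0. */
int backend_sees_source(const char *src_ip)
{
    struct sockaddr_in peer, lst = { .sin_family = AF_INET };
    socklen_t len = sizeof lst;
    char seen[INET_ADDRSTRLEN] = "";
    int cfd = -1, afd = -1, lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return 0;
    lst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: any free port */
    if (bind(lfd, (struct sockaddr *)&lst, sizeof lst) == 0 && listen(lfd, 1) == 0 &&
        getsockname(lfd, (struct sockaddr *)&lst, &len) == 0 &&
        (cfd = connect_from(src_ip, &lst)) >= 0) {
        len = sizeof peer;
        afd = accept(lfd, (struct sockaddr *)&peer, &len);
        if (afd >= 0) inet_ntop(AF_INET, &peer.sin_addr, seen, sizeof seen);
    }
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    close(lfd);
    return afd >= 0 && strcmp(seen, src_ip) == 0;
}

int main(void) { return backend_sees_source("127.0.0.1") ? 0 : 1; }
```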
Created attachment 18579: Proxy source address patch against httpd-2.2.2
I have ported the original patch to httpd-2.2.2. It handles the ProxySourceAddress directive and also accepts a "bind=1.2.3.4" parameter for ProxyPass.
Created attachment 21507: ProxySourceAddress patch for 2.2.6
Created attachment 21508: ProxySourceAddress patch for latest trunk (r620505)
CC myself on FreeBSD related bugs
Created attachment 24440: ProxySourceAddress patch for 2.2.11
Created attachment 24441: ProxySourceAddress patch for 2.2.14
I just added patches for 2.2.11 and 2.2.14 - I'm using these two versions in production applications. I may have missed it - but - is this feature still in line for inclusion into trunk at some point? Thanks!
(In reply to comment #15)
> Created an attachment (id=24441)
> ProxySourceAddress patch for 2.2.14
>
> I just added patches for 2.2.11 and 2.2.14 - I'm using these two versions in
> production applications. I may have missed it - but - is this feature still in
> line for inclusion into trunk at some point?
>
> Thanks!
I have a great need for the ProxySourceAddress patch you provided. Having this would allow me to eliminate a nasty iptables double-NAT setup. If it's not too much trouble would you mind providing a patch against httpd 2.2.15? Much thanks in advance.
Created attachment 25229: ProxySourceAddress patch for 2.2.15
Committed in trunk in r1034916. Documentation TBD.
Nick, that's great - THANK YOU! As the original patch author (back in 2004!) I've been watching the evolution of this issue over the years, and it's great to have it committed at last. Since the original report, Apache has grown to have much more flexible proxy support (with balancer pools, etc), so would it be possible to add the changes suggested by Aron in comment #10 too, i.e. allowing bind=<address> on ProxyPass? Moon on stick would be to port it all back to 2.2... is there any chance of that (if a patch is provided, of course), or is 2.4 due to be released soon anyway?
A BETTER (in the opinion of some, at least 2 people; maybe 3) version of this concept is at bug 45405. That version also supports IPv6 and setting the TCP port range. From what I can tell, this one (29404) is IPv4 only and lets the OS select the outbound source port.
fixed in 2.4.1