mod_extract_forwarded2のコンパイル
Pound経由でのHTTPアクセスではX-Forwarded-ForヘッダのIPアドレスに
クライアントのIPアドレスが格納されApache側ではPoundのIPでの
アクセスに見えてしまいます。
この問題を解決するためにmod_extract_forwarded2を使います。
このモジュールを使えばApacheのアクセスログやアクセス制限が
普通に使えるようになります。という事で、まずはコンパイル。
# yum install httpd-devel →apxsが必要になるのでパッケージをインストール # wget http://www.cotds.org/mod_extract_forwarded2/mod_extract_forwarded2-0.1.tar.gz →ソースの取得 # tar zxvf /$HOME/mod_extract_forwarded2-0.1.tar.gz # cd /$HOME/mod_extract_forwarded2-0.1 # /usr/sbin/apxs -i -c -a ./mod_extract_forwarded2.c /usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -c -o ./mod_extract_forwarded2.lo ./mod_extract_forwarded2.c && touch ./mod_extract_forwarded2.slo ./mod_extract_forwarded2.c: In function 'rm_forwarder': ./mod_extract_forwarded2.c:130: warning: unused variable 'r' ./mod_extract_forwarded2.c: In function 'real_set_proxy_remote_addr': ./mod_extract_forwarded2.c:331: warning: unused variable 'start_ptr' ./mod_extract_forwarded2.c: In function 'restore_proxy_remote_addr': ./mod_extract_forwarded2.c:318: warning: control reaches end of non-void function ./mod_extract_forwarded2.c: At top level: ./mod_extract_forwarded2.c:426: warning: 'ft_set_proxy_remote_addr' defined but not used /usr/lib64/apr-1/build/libtool --silent --mode=link gcc -o ./mod_extract_forwarded2.la -rpath /usr/lib64/httpd/modules -module -avoid-version ./mod_extract_forwarded2.lo /usr/lib64/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib64/apr-1/build/libtool' ./mod_extract_forwarded2.la /usr/lib64/httpd/modules /usr/lib64/apr-1/build/libtool --mode=install cp ./mod_extract_forwarded2.la /usr/lib64/httpd/modules/ cp ./.libs/mod_extract_forwarded2.so /usr/lib64/httpd/modules/mod_extract_forwarded2.so cp ./.libs/mod_extract_forwarded2.lai /usr/lib64/httpd/modules/mod_extract_forwarded2.la cp ./.libs/mod_extract_forwarded2.a /usr/lib64/httpd/modules/mod_extract_forwarded2.a chmod 644 /usr/lib64/httpd/modules/mod_extract_forwarded2.a ranlib /usr/lib64/httpd/modules/mod_extract_forwarded2.a PATH="$PATH:/sbin" ldconfig -n /usr/lib64/httpd/modules ---------------------------------------------------------------------- Libraries have been installed in: /usr/lib64/httpd/modules If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and specify the full pathname of the library, or use the `-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the `LD_LIBRARY_PATH' environment variable during execution - add LIBDIR to the `LD_RUN_PATH' environment variable during linking - use the `-Wl,--rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to `/etc/ld.so.conf' See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- chmod 755 /usr/lib64/httpd/modules/mod_extract_forwarded2.so [activating module `extract_forwarded' in /etc/httpd/conf/httpd.conf] →コンパイル http.confまで追記してくれます。 # cat /etc/httpd/conf/httpd.conf | grep mod_extract_forwarded2 LoadModule extract_forwarded_module /usr/lib64/httpd/modules/mod_extract_forwarded2.so →http.confにてLoadModuleされているかの確認