Add mod_remoteip module
Dimitri Savineau authored and igalic committed Mar 13, 2015
1 parent f28a715 commit e0255bd
Showing 4 changed files with 102 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
@@ -572,6 +572,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl
* `proxy_http`
* `python`
* `reqtimeout`
* `remoteip`*
* `rewrite`
* `rpaf`*
* `setenvif`
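--- a/manifests/mod/remoteip.pp
+++ b/manifests/mod/remoteip.pp
@@ -0,0 +1,27 @@
+class apache::mod::remoteip (
+$header = 'X-Forwarded-For',
+$proxy_ips = [ '127.0.0.1' ],
+$proxies_header = undef,
+$trusted_proxy_ips = undef,
+$apache_version = $::apache::apache_version
+) {
+if versioncmp($apache_version, '2.4') < 0 {
+fail('mod_remoteip is only available in Apache 2.4')
+}
+
+::apache::mod { 'remoteip': }
+
+# Template uses:
+# - $header
+# - $proxy_ips
+# - $proxies_header
+# - $trusted_proxy_ips
+file { 'remoteip.conf':
+ensure => file,
+path => "${::apache::mod_dir}/remoteip.conf",
+content => template('apache/mod/remoteip.conf.erb'),
+require => Exec["mkdir ${::apache::mod_dir}"],
+before => File[$::apache::mod_dir],
+notify => Service['httpd'],
+}
+}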
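Review bot: Nothing in `apache::mod::remoteip` stops a caller from ending up with `RemoteIPHeader` set and no proxy list at all: `proxy_ips => []` with `trusted_proxy_ips` left undef renders only the header directive. The Apache documentation for `RemoteIPHeader` warns that without `RemoteIPInternalProxy`/`RemoteIPTrustedProxy` the module accepts the header from any host, so every client could then choose the address that logging and IP-based access rules see. I would add `validate_array($proxy_ips)` next to the version check (assuming stdlib is available to this module, which the page does not show) and `fail()` when both lists are empty. A short class header comment stating that each listed address is a trust decision would also help.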
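--- a/spec/classes/mod/remoteip_spec.rb
+++ b/spec/classes/mod/remoteip_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe 'apache::mod::remoteip', :type => :class do
+let :pre_condition do
+[
+'include apache',
+]
+end
+context "on a Debian OS" do
+let :facts do
+{
+:osfamily => 'Debian',
+:operatingsystemrelease => '8',
+:concat_basedir => '/dne',
+:lsbdistcodename => 'jessie',
+:operatingsystem => 'Debian',
+:id => 'root',
+:kernel => 'Linux',
+:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+}
+end
+let :params do
+{ :apache_version => '2.4' }
+end
+it { is_expected.to contain_class("apache::params") }
+it { is_expected.to contain_apache__mod('remoteip') }
+it { is_expected.to contain_file('remoteip.conf').with({
+'path' => '/etc/apache2/mods-available/remoteip.conf',
+}) }
+
+describe "with header X-Forwarded-For" do
+let :params do
+{ :header => 'X-Forwarded-For' }
+end
+it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPHeader X-Forwarded-For$/) }
+end
+describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+let :params do
+{ :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+end
+it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPInternalProxy 10.42.17.8$/) }
+it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPInternalProxy 10.42.18.99$/) }
+end
+describe "with Apache version < 2.4" do
+let :params do
+{ :apache_version => '2.2' }
+end
+it 'should fail' do
+expect { subject }.to raise_error(Puppet::Error, /mod_remoteip is only available in Apache 2.4/)
+end
+end
+end
+end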
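Review bot: The examples cover only `header` and `proxy_ips`; `trusted_proxy_ips` and `proxies_header` are never set, so the `RemoteIPTrustedProxy` and `RemoteIPProxiesHeader` branches of the template are untested, and nothing asserts they are absent by default. Since these lines decide which peers may assert a client address, I would add one positive example per parameter, e.g. `with_content(/^RemoteIPTrustedProxy 192\.0\.2\.10$/)` (constructed sample address), and a default-case check such as `is_expected.not_to contain_file('remoteip.conf').with_content(/RemoteIPTrustedProxy/)`. The existing patterns also leave the dots unescaped (`/^RemoteIPInternalProxy 10.42.17.8$/`), so they match any character in those positions; `10\.42\.17\.8` is stricter.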
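--- a/templates/mod/remoteip.conf.erb
+++ b/templates/mod/remoteip.conf.erb
@@ -0,0 +1,21 @@
+# Declare the header field which should be parsed for useragent IP addresses
+RemoteIPHeader <%= @header %>
+
+# Declare client intranet IP addresses trusted to present
+# the RemoteIPHeader value
+<%- @proxy_ips.each do |proxy| -%>
+RemoteIPInternalProxy <%= proxy %>
+<%- end -%>
+
+# Declare the header field which will record all intermediate IP addresses
+<%- if @proxies_header -%>
+RemoteIPProxiesHeader <%= @proxies_header %>
+<%- end -%>
+
+# Declare client intranet IP addresses trusted to present
+# the RemoteIPHeader value
+<%- if @trusted_proxy_ips -%>
+<%- @trusted_proxy_ips.each do |proxy| -%>
+RemoteIPTrustedProxy <%= proxy %>
+<%- end -%>
+<%- end -%>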
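Review bot: The comment above the `RemoteIPTrustedProxy` loop repeats the `RemoteIPInternalProxy` text word for word, so the rendered file gives an operator no hint that the two lists carry different trust. Per the Apache documentation, a private or loopback client address reported by a `RemoteIPTrustedProxy` peer is not accepted, while one reported by a `RemoteIPInternalProxy` peer is. I would change the second comment to something like `# Declare external proxy addresses trusted to present the RemoteIPHeader value;` `# private-range client addresses they report are not accepted`. The comments for `RemoteIPProxiesHeader` and `RemoteIPTrustedProxy` also sit outside their `if` guards, so they are written even when the directive is not; moving each inside its guard keeps the file from describing settings that are absent.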
