forked from cloudflare/mod_cloudflare
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
65 lines (41 loc) · 2.88 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
Copyright CloudFlare 2012 cloudflare.com
======> mod_cloudflare.c
Based on mod_remoteip.c, this apache extension will replace the remote_ip variable in user's logs with the correct remote_ip sent from CloudFlare.
This also does authentication, only performing the switch for requests originating from 204.93.173.0/24 (by default).
To install:
# apxs2 -a -i -c mod_cloudflare.c
No further configuration is needed. However, if you wish to override the default values, the following directives are exposed:
* CloudFlareRemoteIPHeader
This specifies the header which contains the original IP. Default:
CloudFlareRemoteIPHeader CF-Connecting-IP
* CloudFlareRemoteIPTrustedProxy
This is the IP range from which we will allow the CloudFlareRemoteIPHeader to be used from. See https://www.cloudflare.com/wiki/What_are_the_CloudFlare_IP_address_ranges.
Note that on some Debian systems, you may have to add a LoadModule directive manually. This should look like:
LoadModule cloudflare_module /usr/lib/apache2/modules/mod_cloudflare.so
Replace /usr/lib/apache2/modules/mod_cloudflare.so with the path to mod_cloudflare.so on your system.
If you cannot find apxs or apxs2, on a Debian or Ubuntu distro you can install this tool with:
# apt-get install apache2-prefork-dev
NOTES:
*) If mod_cloudflare and mod_remoteip are enabled on the same web server, the server will crash if they both try to set the remote IP to a different value.
*) Enableing mod_cloudflare will not effect the performance of Apache in any noticable maner. AB testing both over LAN and WAN show no equalilent numbers with and without mod_cloudflare.
*) If you like, you may also add the directive DenyAllButCloudFlare. This will result in all requests from IPs which are not in the CloudFlareRemoteIPTrustedProxy range being denied with a status of 403.
Packaging
The packaging directory contains a makefile to run the package process. For each class of system you wish to target, run the approriate rules:
debian (& ubuntu)
sudo make pkg-deb-system-prep
make pkg-deb
redhat (& centos)
sudo make pkg-rpm-system-prep
make pkg-rpm
suse
sudo make pkg-rpm-suse-system-prep
make pkg-rpm-suse
Testing
To test a package run the test_debian, test_rpm or test_rpm.suse scripts on the target machine:
test_debian.sh libapache2-mod-cloudflare_1.1_i386.deb
test_rpm.suse.sh mod_cloudflare-1.1.0-3.fc16.x86_64.rpm
test_rpm.suse.sh mod_cloudflare-1.1.0-3.x86_64.suse.rpm
Releases
2012-08-30 1.1.2 Bugfix for intermittent segfaults under some conditions. Pulled from remoteip codebase.
2012-06-03 1.1.1 Bugfix for DenyAll behavior when CF-Connecting-IP header not available.
2012-05-20 1.1.0 .deb and .rpm release tested on Debian 6.0, Ubuntu 8.04, Ubuntu 10.04, CentOS 5, CentOS 6, RHEL 5, RHEL 6, OpenSuSE 11.4, OpenSuSE 12.1 all on 32-bit and 64-bit architectures. These were produced on Fedora 16, Ubuntu 12.04 and OpenSuSE 12.1