From fa6cc17f6032553af6cfd1f8f40c1af8dfb14822 Mon Sep 17 00:00:00 2001 From: gregcorbett Date: Wed, 21 Aug 2024 16:43:13 +0100 Subject: [PATCH] ncm-metaconfig: Allow basic httpd remoteip config to be expressed - See https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html - Added to the global section because, even though `remoteipproxyprotocol` can be defined at the vhost level, only one such definition will take affect, and do so globally. --- ncm-metaconfig/src/main/metaconfig/httpd/config/global.tt | 5 ++++- ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/config/global.tt b/ncm-metaconfig/src/main/metaconfig/httpd/config/global.tt index 03ce6632ab..47b374d7b1 100644 --- a/ncm-metaconfig/src/main/metaconfig/httpd/config/global.tt +++ b/ncm-metaconfig/src/main/metaconfig/httpd/config/global.tt @@ -3,7 +3,10 @@ "hostnamelookups", ] -%] -[%- lists = ["directoryindex", "indexoptions", "indexignore"] -%] +[%- lists = ["directoryindex", "indexoptions", "indexignore", + "remoteiptrustedproxy", "remoteipproxyprotocolexceptions" + ] +-%] [%- quotes = ["serverroot"] -%] [%- FOREACH pair IN desc.pairs -%] [%- SWITCH pair.key -%] diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan b/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan index 9940269cab..a6bf46e17e 100644 --- a/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan +++ b/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan @@ -680,6 +680,10 @@ type httpd_global_system = { "limitrequestfieldsize" ? long "traceenable" ? string with match(SELF, '^(on|off|extended)$') + + "remoteipproxyprotocol" ? choice('on', 'off') + "remoteipproxyprotocolexceptions" ? type_network_name[] + "remoteiptrustedproxy" ? type_network_name[] }; type httpd_ifmodule_parameters = {