diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in index c3f966b..143b746 100644 --- a/docs/man5/tinyproxy.conf.txt.in +++ b/docs/man5/tinyproxy.conf.txt.in @@ -246,13 +246,13 @@ AddHeader "X-My-Header" "Powered by Tinyproxy" enabling this option, you break compliance. Don't disable the `Via` header unless you know what you are doing... -*DisableXffHeader*:: +*EnableXffHeader*:: The 'X-Forwarded-For' header isn't required by the HTTP RFC, but is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. Though, using this is a security concern. - So turn this off only for demand. + So turn this on only for demand. *Filter*:: diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in index a7ebe8d..5fc63f1 100644 --- a/etc/tinyproxy.conf.in +++ b/etc/tinyproxy.conf.in @@ -234,13 +234,13 @@ ViaProxyName "tinyproxy" #DisableViaHeader Yes # -# DisableXffHeader: The 'X-Forwarded-For' header isn't required by the +# EnableXffHeader: The 'X-Forwarded-For' header isn't required by the # HTTP RFC, but is a common method for identifying the originating # IP address of a client connecting to a web server through an HTTP # proxy or load balancer. Though, using this is a security concern. # So we disable it by default. # -DisableXffHeader Yes +#EnableXffHeader No # # Filter: This allows you to specify the location of the filter file. diff --git a/src/conf.c b/src/conf.c index 977e1f7..442c473 100644 --- a/src/conf.c +++ b/src/conf.c @@ -156,7 +156,7 @@ static HANDLE_FUNC (handle_timeout); static HANDLE_FUNC (handle_user); static HANDLE_FUNC (handle_viaproxyname); static HANDLE_FUNC (handle_disableviaheader); -static HANDLE_FUNC (handle_disablexffheader); +static HANDLE_FUNC (handle_enablexffheader); static HANDLE_FUNC (handle_xtinyproxy); #ifdef UPSTREAM_SUPPORT @@ -210,7 +210,7 @@ struct { STDCONF ("syslog", BOOL, handle_syslog), STDCONF ("bindsame", BOOL, handle_bindsame), STDCONF ("disableviaheader", BOOL, handle_disableviaheader), - STDCONF ("disablexffheader", BOOL, handle_disablexffheader), + STDCONF ("enablexffheader", BOOL, handle_enablexffheader), STDCONF ("xtinyproxy", BOOL, handle_xtinyproxy), /* integer arguments */ STDCONF ("port", INT, handle_port), @@ -527,6 +527,8 @@ static void initialize_with_defaults (struct config_s *conf, conf->disable_viaheader = defaults->disable_viaheader; + conf->enable_xffheader = defaults->enable_xffheader; + if (defaults->errorpage_undef) { conf->errorpage_undef = safestrdup (defaults->errorpage_undef); } @@ -738,17 +740,17 @@ static HANDLE_FUNC (handle_disableviaheader) return 0; } -static HANDLE_FUNC (handle_disablexffheader) +static HANDLE_FUNC (handle_enablexffheader) { - int r = set_bool_arg (&conf->disable_xffheader, line, &match[2]); + int r = set_bool_arg (&conf->enable_xffheader, line, &match[2]); - if (r) { + if (!r) { return r; } log_message (LOG_INFO, - "Disabling transmission of the \"X-Forwarded-For\" header."); - return 0; + "Enabling transmission of the \"X-Forwarded-For\" header."); + return r; } static HANDLE_FUNC (handle_defaulterrorfile) diff --git a/src/conf.h b/src/conf.h index 8a7d27d..2d38d03 100644 --- a/src/conf.h +++ b/src/conf.h @@ -77,7 +77,7 @@ struct config_s { unsigned int disable_viaheader; /* boolean */ - unsigned int disable_xffheader; /* boolean */ + unsigned int enable_xffheader; /* boolean */ /* * Error page support. Map error numbers to file paths. diff --git a/src/reqs.c b/src/reqs.c index d7dce81..e4bcf1d 100644 --- a/src/reqs.c +++ b/src/reqs.c @@ -924,7 +924,7 @@ process_client_headers (struct conn_s *connptr, hashmap_t hashofheaders) goto PULL_CLIENT_DATA; } - if (!config.disable_xffheader) { + if (config.enable_xffheader) { /* Send new or appended the 'X-Forwarded-For' header */ ret = write_xff_header(connptr->server_fd, hashofheaders, connptr->client_ip_addr); @@ -1100,7 +1100,7 @@ retry: if (ret < 0) goto ERROR_EXIT; - if (!config.disable_xffheader) { + if (config.enable_xffheader) { /* Send new or appended the 'X-Forwarded-For' header */ ret = write_xff_header(connptr->client_fd, hashofheaders, connptr->server_ip_addr);