diff --git a/ChangeLog b/ChangeLog index 6d97a81..ae5b2c3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ -* Aut 05 2016 CloudFlare Inc - 2016.8.0 +* Oct 24 2016 CloudFlare Inc - 2016.10.0 +- Change OS detection for EasyApache 4 installer to work with CentOS < 7 + +* Aug 05 2016 CloudFlare Inc - 2016.8.0 - Updated CloudFlare IPv6 ranges - Support for installing on EasyApache4 diff --git a/EasyApache/installer.sh b/EasyApache/installer.sh index 1f826f6..ff1fb2f 100755 --- a/EasyApache/installer.sh +++ b/EasyApache/installer.sh @@ -38,13 +38,11 @@ function install_ea3 { function install_ea4 { # - # Reasonably reliable way to get OS distribution name and version + # Get OS version from redhat-release # - DISTRO_NAME=`cat /etc/os-release | grep "^NAME" | sed 's/NAME="//' | sed 's/"//'` - DISTRO_VERSION=`cat /etc/os-release | grep "^VERSION_ID" | sed 's/VERSION_ID="//' | sed 's/"//'` + DISTRO_NAME=`cat /etc/redhat-release | awk {'print$1'}` + DISTRO_VERSION=`cat /etc/redhat-release | sed -e 's/.*release \(.*\) (.*)/\1/' -e 's/\..*//'` - # Remove trailing minor version - DISTRO_VERSION=`sed "s/\..*//" <<<"$DISTRO_VERSION"` if [[ $DISTRO_VERSION == "6" || $DISTRO_VERSION == "7" ]]; then echo @@ -97,13 +95,8 @@ function install_ea4 { # Main # -# -# Check which version of cPanel we have -# -CPANEL_VERSION=`/usr/local/cpanel/cpanel -V | sed "s/\..*$//"` - -# Version 58 and up have Easy Apache 4 -if [ "$CPANEL_VERSION" -gt "57" ]; then +# Check if EasyApache 4 is enabled +if [ -e "/etc/cpanel/ea4/is_ea4" ]; then install_ea4 else install_ea3 diff --git a/README.md b/README.md index b8e4e59..b3369b4 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,15 @@ This specifies the header which contains the original IP. Default: ### CloudFlareRemoteIPTrustedProxy ### -This is the IP range from which we will allow the `CloudFlareRemoteIPHeader` to be used from. See [here][1] for a complete list. +This is to add additional trusted IP addresses or ranges from which we will allow `CloudFlareRemoteIPHeader` to be used from. We will rewrite remote IPs and the SSL variable (in the case of Flexible SSL) from these trusted IPs, additionally `DenyAllButCloudflare` will not deny requests from IPs listed here. See [here][1] for a complete list. + +### DenyAllButCloudFlare ### + +When this is set, we will deny requests from IPs which aren't in the `CloudFlareRemoteIPTrustedProxy` directive or are not from a Cloudflare IP. + +Note that by default, `DenyAllButCloudflare` will not allow Remote IPs, they will need to be whitelisted through `CloudFlareRemoteIPTrustedProxy`. + +## Loading the Module ## Note that on some systems, you may have to add a `LoadModule` directive manually. This should look like: @@ -36,12 +44,14 @@ Note that on some systems, you may have to add a `LoadModule` directive manually Replace `/usr/lib/apache2/modules/mod_cloudflare.so` with the path to `mod_cloudflare.so` on your system. +## Installing apxs/apxs2 ## + If you cannot find `apxs` or `apxs2`, install `apache2-dev` on Debian and Ubuntu, or `httpd-devel` on Red Hat and CentOS: $ apt-get install apache2-dev $ yum install httpd-devel -NOTES: +## Additional Notes ## - If mod\_cloudflare and mod\_remoteip are enabled on the same web server, the server will crash if they both try to set the remote IP to a different value. - Enabling mod\_cloudflare will not effect the performance of Apache in any noticeable manner. AB testing both over LAN and WAN show no equivalent numbers with and without mod\_cloudflare. diff --git a/VERSION b/VERSION index 5a12c08..1306a79 100644 --- a/VERSION +++ b/VERSION @@ -1,3 +1,3 @@ MAJOR=2016 -MINOR=8 +MINOR=10 BUILD=0 diff --git a/mod_cloudflare.c b/mod_cloudflare.c index fa9f9c1..8d85d1a 100644 --- a/mod_cloudflare.c +++ b/mod_cloudflare.c @@ -16,10 +16,11 @@ * Derived from mod_remoteip.c. * Default values for directives are hard-wired for CloudFlare defaults. * - * Supported directives and defaults: + * Supported directives and example values (further info in README): * - * CloudFlareIPHeader CF-Connecting-IP - * CloudFlareIPTrustedProxy 204.93.173.0/24 + * CloudFlareRemoteIPHeader CF-Connecting-IP + * CloudFlareRemoteIPTrustedProxy 204.93.173.0/24 + * DenyAllButCloudFlare * */