From 1076a0343736bfa901385379a637023ec53a549e Mon Sep 17 00:00:00 2001
From: John Wineman <jwineman@cloudflare.com>
Date: Mon, 31 Oct 2016 14:19:15 -0700
Subject: [PATCH 1/5] Update to version 2016.10.0

---
 ChangeLog               | 5 ++++-
 EasyApache/installer.sh | 8 +++-----
 VERSION                 | 2 +-
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 6d97a81..ae5b2c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
-* Aut 05 2016 CloudFlare Inc <help@cloudflare.com> - 2016.8.0
+* Oct 24 2016 CloudFlare Inc <help@cloudflare.com> - 2016.10.0
+- Change OS detection for EasyApache 4 installer to work with CentOS < 7
+
+* Aug 05 2016 CloudFlare Inc <help@cloudflare.com> - 2016.8.0
 - Updated CloudFlare IPv6 ranges
 - Support for installing on EasyApache4
 
diff --git a/EasyApache/installer.sh b/EasyApache/installer.sh
index 1f826f6..40937e3 100755
--- a/EasyApache/installer.sh
+++ b/EasyApache/installer.sh
@@ -38,13 +38,11 @@ function install_ea3 {
 function install_ea4 {
 
     #
-    # Reasonably reliable way to get OS distribution name and version
+    # Get OS version from redhat-release
     #
-    DISTRO_NAME=`cat /etc/os-release | grep "^NAME" | sed 's/NAME="//' | sed 's/"//'`
-    DISTRO_VERSION=`cat /etc/os-release | grep "^VERSION_ID" | sed 's/VERSION_ID="//' | sed 's/"//'`
+    DISTRO_NAME=`cat /etc/redhat-release | awk {'print$1'}`
+    DISTRO_VERSION=`cat /etc/redhat-release | sed -e 's/.*release \(.*\) (.*)/\1/' -e 's/\..*//'`
 
-    # Remove trailing minor version
-    DISTRO_VERSION=`sed "s/\..*//" <<<"$DISTRO_VERSION"`
 
     if [[ $DISTRO_VERSION == "6" || $DISTRO_VERSION == "7" ]]; then
     echo
diff --git a/VERSION b/VERSION
index 5a12c08..1306a79 100644
--- a/VERSION
+++ b/VERSION
@@ -1,3 +1,3 @@
 MAJOR=2016
-MINOR=8
+MINOR=10
 BUILD=0

From 73ed1f88cb14a564680fa7d1ffff082e2a0d8328 Mon Sep 17 00:00:00 2001
From: Austin Burk <apburk@gmail.com>
Date: Fri, 23 Dec 2016 13:30:35 -0500
Subject: [PATCH 2/5] More accurate EA3/EA4 detection

cPanel servers don't automatically switch to EasyApache 4 when they're updated to the version the script checks. The official way to check if the server is running EA3 or EA4 is to check if the file /etc/cpanel/ea4/is_ea4 exists. EasyApache 3 actually checks if the file exists before exiting:

stat("/etc/cpanel/ea4/is_ea4", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
write(2, "EasyApache3 is not available whe"..., 60EasyApache3 is not available when EasyApache4 is in effect.
---
 EasyApache/installer.sh | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/EasyApache/installer.sh b/EasyApache/installer.sh
index 40937e3..ca39520 100755
--- a/EasyApache/installer.sh
+++ b/EasyApache/installer.sh
@@ -95,13 +95,8 @@ function install_ea4 {
 # Main
 #
 
-#
-# Check which version of cPanel we have
-#
-CPANEL_VERSION=`/usr/local/cpanel/cpanel -V | sed "s/\..*$//"`
-
-# Version 58 and up have Easy Apache 4
-if [ "$CPANEL_VERSION" -gt "57" ]; then
+# Check if Easy Apache 4 is enabled
+if [ -e "/etc/cpanel/ea4/is_ea4" ]; then
    install_ea4
 else
    install_ea3

From 19269d74a791ad3a953b36edddf91d6f17ffba9b Mon Sep 17 00:00:00 2001
From: Austin Burk <apburk@gmail.com>
Date: Tue, 3 Jan 2017 13:05:09 -0500
Subject: [PATCH 3/5] Update installer.sh

---
 EasyApache/installer.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/EasyApache/installer.sh b/EasyApache/installer.sh
index ca39520..ff1fb2f 100755
--- a/EasyApache/installer.sh
+++ b/EasyApache/installer.sh
@@ -95,7 +95,7 @@ function install_ea4 {
 # Main
 #
 
-# Check if Easy Apache 4 is enabled
+# Check if EasyApache 4 is enabled
 if [ -e "/etc/cpanel/ea4/is_ea4" ]; then
    install_ea4
 else

From 7eb93c43639ef371567c76e61b98f67d52b6a2a4 Mon Sep 17 00:00:00 2001
From: Junade Ali <junade@cloudflare.com>
Date: Mon, 26 Jun 2017 13:24:35 +0100
Subject: [PATCH 4/5] Amended documentation (specifically around headers).

---
 README.md        | 14 ++++++++++++--
 mod_cloudflare.c |  7 ++++---
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index b8e4e59..1341ddf 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,15 @@ This specifies the header which contains the original IP. Default:
 
 ### CloudFlareRemoteIPTrustedProxy ###
 
-This is the IP range from which we will allow the `CloudFlareRemoteIPHeader` to be used from. See [here][1] for a complete list.
+This for trusted IP addresses or ranges from which we will allow the `CloudFlareRemoteIPHeader` to be used from. See [here][1] for a complete list.
+
+### DenyAllButCloudFlare ###
+
+When this is set, we will deny requests from IPs which aren't in the `CloudFlareRemoteIPTrustedProxy` directive or are not from a Cloudflare IP.
+
+Note that by default, `DenyAllButCloudflare` will not allow Remote IPs, they will need to be whitelisted through `CloudFlareRemoteIPTrustedProxy`.
+
+## Loading the Module ##
 
 Note that on some systems, you may have to add a `LoadModule` directive manually. This should look like:
 
@@ -36,12 +44,14 @@ Note that on some systems, you may have to add a `LoadModule` directive manually
 
 Replace `/usr/lib/apache2/modules/mod_cloudflare.so` with the path to `mod_cloudflare.so` on your system.
 
+## Installing apxs/apxs2 ##
+
 If you cannot find `apxs` or `apxs2`, install `apache2-dev` on Debian and Ubuntu, or `httpd-devel` on Red Hat and CentOS:
 
     $ apt-get install apache2-dev
     $ yum install httpd-devel
 
-NOTES:
+## Additional Notes ##
 
 - If mod\_cloudflare and mod\_remoteip are enabled on the same web server, the server will crash if they both try to set the remote IP to a different value.
 - Enabling mod\_cloudflare will not effect the performance of Apache in any noticeable manner. AB testing both over LAN and WAN show no equivalent numbers with and without mod\_cloudflare.
diff --git a/mod_cloudflare.c b/mod_cloudflare.c
index fa9f9c1..8d85d1a 100644
--- a/mod_cloudflare.c
+++ b/mod_cloudflare.c
@@ -16,10 +16,11 @@
  * Derived from mod_remoteip.c.
  * Default values for directives are hard-wired for CloudFlare defaults.
  *
- * Supported directives and defaults:
+ * Supported directives and example values (further info in README):
  *
- * CloudFlareIPHeader CF-Connecting-IP
- * CloudFlareIPTrustedProxy 204.93.173.0/24
+ * CloudFlareRemoteIPHeader CF-Connecting-IP
+ * CloudFlareRemoteIPTrustedProxy 204.93.173.0/24
+ * DenyAllButCloudFlare
  *
  */
 

From bf44eaed3b7de098bf0f2ed0dd2f98dd353c91e9 Mon Sep 17 00:00:00 2001
From: Junade Ali <junade@cloudflare.com>
Date: Mon, 26 Jun 2017 13:53:19 +0100
Subject: [PATCH 5/5] Updated README description of trusted IP listing.

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1341ddf..b3369b4 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ This specifies the header which contains the original IP. Default:
 
 ### CloudFlareRemoteIPTrustedProxy ###
 
-This for trusted IP addresses or ranges from which we will allow the `CloudFlareRemoteIPHeader` to be used from. See [here][1] for a complete list.
+This is to add additional trusted IP addresses or ranges from which we will allow `CloudFlareRemoteIPHeader` to be used from. We will rewrite remote IPs and the SSL variable (in the case of Flexible SSL) from these trusted IPs, additionally `DenyAllButCloudflare` will not deny requests from IPs listed here. See [here][1] for a complete list.
 
 ### DenyAllButCloudFlare ###