From 22c647eb5ccf7fac4b96eb617a67df0876d96b8e Mon Sep 17 00:00:00 2001
From: Marius van Witzenburg
Date: Fri, 8 Jan 2021 12:33:46 +0100
Subject: [PATCH] feature(trust): improved remote ip internal proxy support (#300)
* feat(trusted_proxy): Add support for RemoteIPInternalProxy
* fix(syntax): add semicolon
---
 apache/files/Debian/conf-available/remoteip.conf.jinja | 3 +++
 apache/files/RedHat/conf.modules.d/remoteip.conf.jinja | 3 +++
 pillar.example | 3 +++
 test/salt/pillar/modules.sls | 3 +++
 4 files changed, 12 insertions(+)
diff --git a/apache/files/Debian/conf-available/remoteip.conf.jinja b/apache/files/Debian/conf-available/remoteip.conf.jinja
index 4a0e45a..86a2d5b 100644
--- a/apache/files/Debian/conf-available/remoteip.conf.jinja
+++ b/apache/files/Debian/conf-available/remoteip.conf.jinja
@@ -2,3 +2,6 @@ RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Fo
 {%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %}
 RemoteIPTrustedProxy {{ trusted_proxy }}
 {%- endfor %}
+{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPInternalProxy', []) %}
+RemoteIPInternalProxy {{ trusted_proxy }}
+{%- endfor %}
diff --git a/apache/files/RedHat/conf.modules.d/remoteip.conf.jinja b/apache/files/RedHat/conf.modules.d/remoteip.conf.jinja
index 163feec..3769aad 100644
--- a/apache/files/RedHat/conf.modules.d/remoteip.conf.jinja
+++ b/apache/files/RedHat/conf.modules.d/remoteip.conf.jinja
@@ -6,3 +6,6 @@ RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Fo
 {%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %}
 RemoteIPTrustedProxy {{ trusted_proxy }}
 {%- endfor %}
+{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPInternalProxy', []) %}
+RemoteIPInternalProxy {{ trusted_proxy }}
+{%- endfor %}
diff --git a/pillar.example b/pillar.example
index 125159b..743596c 100644
--- a/pillar.example
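Review bot: The added loop in the Debian remoteip.conf.jinja (and the identical one in the RedHat template in the next hunk) renders `RemoteIPInternalProxy` with nothing telling the operator how it differs from `RemoteIPTrustedProxy`, and the difference is security-relevant. mod_remoteip accepts private and loopback addresses from the header only when the sending proxy is listed as internal, so every host inside an InternalProxy range can present an arbitrary client address to `Require ip` rules and to the access log. I would put a template comment above the loop, for example `{#- Internal proxies may assert private/loopback client IPs; list only proxies you operate. #}`. I would also rename the loop variable from `trusted_proxy` to `internal_proxy` so the two lists are not confused when the template is edited later.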
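Review bot: A pillar that sets `apache:mod_remoteip:RemoteIPInternalProxy` to a single string instead of a list is iterated character by character by the added `for` loop in the RedHat template, which renders one `RemoteIPInternalProxy` directive per character; the Debian template in the previous hunk has the same loop. For a directive that widens which hosts may assert client addresses, I would normalise the value first: `{%- set internal_proxies = salt['pillar.get']('apache:mod_remoteip:RemoteIPInternalProxy', []) %}` followed by `{%- if internal_proxies is string %}{%- set internal_proxies = [internal_proxies] %}{%- endif %}`, then loop over `internal_proxies`. The existing RemoteIPTrustedProxy loop shown as context has the same shape and would benefit from the same guard.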
+++ b/pillar.example
@@ -444,6 +444,9 @@ apache:
 RemoteIPTrustedProxy:
 - 10.0.8.0/24
 - 127.0.0.1
+ RemoteIPInternalProxy:
+ - 10.10.8.0/24
+ - 127.0.0.1
 # ``apache.mod_security`` formula additional configuration:
 mod_security:
diff --git a/test/salt/pillar/modules.sls b/test/salt/pillar/modules.sls
index 1a1b41d..0de1c84 100644
--- a/test/salt/pillar/modules.sls
+++ b/test/salt/pillar/modules.sls
@@ -427,6 +427,9 @@ apache:
 RemoteIPTrustedProxy:
 - 10.0.8.0/24
 - 127.0.0.1
+ RemoteIPInternalProxy:
+ - 10.10.8.0/24
+ - 127.0.0.1
 # ``apache.mod_security`` formula additional configuration:
 mod_security: