Mercurial > hg > nginx-quic
annotate src/http/modules/ngx_http_realip_module.c @ 8935:38c71f9b2293
SSL: reduced logging of session cache failures (ticket #621).
Session cache allocations might fail as long as the new session is different
in size from the one least recently used (and freed when the first allocation
fails). In particular, it might not be possible to allocate space for
sessions with client certificates, since they are noticeably bigger than
normal sessions.
To ensure such allocation failures won't clutter logs, logging level changed
to "warn", and logging is now limited to at most one warning per second.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 12 Oct 2022 20:14:36 +0300 |
parents | ef6a3a99a81a |
children |
rev | line source |
---|---|
573 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
573 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_http.h> | |
11 | |
12 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
13 #define NGX_HTTP_REALIP_XREALIP 0 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
14 #define NGX_HTTP_REALIP_XFWD 1 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
15 #define NGX_HTTP_REALIP_HEADER 2 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
16 #define NGX_HTTP_REALIP_PROXY 3 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
17 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
18 |
573 | 19 typedef struct { |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
20 ngx_array_t *from; /* array of ngx_cidr_t */ |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
21 ngx_uint_t type; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
22 ngx_uint_t hash; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
23 ngx_str_t header; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
24 ngx_flag_t recursive; |
573 | 25 } ngx_http_realip_loc_conf_t; |
26 | |
27 | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
28 typedef struct { |
3274 | 29 ngx_connection_t *connection; |
30 struct sockaddr *sockaddr; | |
31 socklen_t socklen; | |
32 ngx_str_t addr_text; | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
33 } ngx_http_realip_ctx_t; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
34 |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
35 |
573 | 36 static ngx_int_t ngx_http_realip_handler(ngx_http_request_t *r); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
37 static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
38 ngx_addr_t *addr); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
39 static void ngx_http_realip_cleanup(void *data); |
573 | 40 static char *ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, |
41 void *conf); | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
42 static char *ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
573 | 43 static void *ngx_http_realip_create_loc_conf(ngx_conf_t *cf); |
44 static char *ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, | |
45 void *parent, void *child); | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
46 static ngx_int_t ngx_http_realip_add_variables(ngx_conf_t *cf); |
681 | 47 static ngx_int_t ngx_http_realip_init(ngx_conf_t *cf); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
48 static ngx_http_realip_ctx_t *ngx_http_realip_get_module_ctx( |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
49 ngx_http_request_t *r); |
573 | 50 |
51 | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
52 static ngx_int_t ngx_http_realip_remote_addr_variable(ngx_http_request_t *r, |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
53 ngx_http_variable_value_t *v, uintptr_t data); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
54 static ngx_int_t ngx_http_realip_remote_port_variable(ngx_http_request_t *r, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
55 ngx_http_variable_value_t *v, uintptr_t data); |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
56 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
57 |
573 | 58 static ngx_command_t ngx_http_realip_commands[] = { |
59 | |
60 { ngx_string("set_real_ip_from"), | |
61 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
62 ngx_http_realip_from, | |
63 NGX_HTTP_LOC_CONF_OFFSET, | |
64 0, | |
65 NULL }, | |
66 | |
67 { ngx_string("real_ip_header"), | |
68 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
69 ngx_http_realip, |
573 | 70 NGX_HTTP_LOC_CONF_OFFSET, |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
71 0, |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
72 NULL }, |
573 | 73 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
74 { ngx_string("real_ip_recursive"), |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
75 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
76 ngx_conf_set_flag_slot, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
77 NGX_HTTP_LOC_CONF_OFFSET, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
78 offsetof(ngx_http_realip_loc_conf_t, recursive), |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
79 NULL }, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
80 |
573 | 81 ngx_null_command |
82 }; | |
83 | |
84 | |
85 | |
667 | 86 static ngx_http_module_t ngx_http_realip_module_ctx = { |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
87 ngx_http_realip_add_variables, /* preconfiguration */ |
681 | 88 ngx_http_realip_init, /* postconfiguration */ |
573 | 89 |
90 NULL, /* create main configuration */ | |
91 NULL, /* init main configuration */ | |
92 | |
93 NULL, /* create server configuration */ | |
94 NULL, /* merge server configuration */ | |
95 | |
96 ngx_http_realip_create_loc_conf, /* create location configuration */ | |
97 ngx_http_realip_merge_loc_conf /* merge location configuration */ | |
98 }; | |
99 | |
100 | |
101 ngx_module_t ngx_http_realip_module = { | |
102 NGX_MODULE_V1, | |
103 &ngx_http_realip_module_ctx, /* module context */ | |
104 ngx_http_realip_commands, /* module directives */ | |
105 NGX_HTTP_MODULE, /* module type */ | |
106 NULL, /* init master */ | |
681 | 107 NULL, /* init module */ |
573 | 108 NULL, /* init process */ |
109 NULL, /* init thread */ | |
110 NULL, /* exit thread */ | |
111 NULL, /* exit process */ | |
112 NULL, /* exit master */ | |
113 NGX_MODULE_V1_PADDING | |
114 }; | |
115 | |
116 | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
117 static ngx_http_variable_t ngx_http_realip_vars[] = { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
118 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
119 { ngx_string("realip_remote_addr"), NULL, |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
120 ngx_http_realip_remote_addr_variable, 0, 0, 0 }, |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
121 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
122 { ngx_string("realip_remote_port"), NULL, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
123 ngx_http_realip_remote_port_variable, 0, 0, 0 }, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
124 |
7077
2a288909abc6
Variables: macros for null variables.
Ruslan Ermilov <ru@nginx.com>
parents:
6997
diff
changeset
|
125 ngx_http_null_variable |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
126 }; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
127 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
128 |
573 | 129 static ngx_int_t |
130 ngx_http_realip_handler(ngx_http_request_t *r) | |
131 { | |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
132 u_char *p; |
573 | 133 size_t len; |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
134 ngx_str_t *value; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
135 ngx_uint_t i, hash; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
136 ngx_addr_t addr; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
137 ngx_list_part_t *part; |
8873
ef6a3a99a81a
Reworked multi headers to use linked lists.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7590
diff
changeset
|
138 ngx_table_elt_t *header, *xfwd; |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
139 ngx_connection_t *c; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
140 ngx_http_realip_ctx_t *ctx; |
573 | 141 ngx_http_realip_loc_conf_t *rlcf; |
142 | |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
143 rlcf = ngx_http_get_module_loc_conf(r, ngx_http_realip_module); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
144 |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
145 if (rlcf->from == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
146 return NGX_DECLINED; |
573 | 147 } |
148 | |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
149 ctx = ngx_http_realip_get_module_ctx(r); |
573 | 150 |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
151 if (ctx) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
152 return NGX_DECLINED; |
573 | 153 } |
154 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
155 switch (rlcf->type) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
156 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
157 case NGX_HTTP_REALIP_XREALIP: |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
158 |
573 | 159 if (r->headers_in.x_real_ip == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
160 return NGX_DECLINED; |
573 | 161 } |
162 | |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
163 value = &r->headers_in.x_real_ip->value; |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
164 xfwd = NULL; |
573 | 165 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
166 break; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
167 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
168 case NGX_HTTP_REALIP_XFWD: |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
169 |
8873
ef6a3a99a81a
Reworked multi headers to use linked lists.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7590
diff
changeset
|
170 xfwd = r->headers_in.x_forwarded_for; |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
171 |
8873
ef6a3a99a81a
Reworked multi headers to use linked lists.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7590
diff
changeset
|
172 if (xfwd == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
173 return NGX_DECLINED; |
573 | 174 } |
175 | |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
176 value = NULL; |
573 | 177 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
178 break; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
179 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
180 case NGX_HTTP_REALIP_PROXY: |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
181 |
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7077
diff
changeset
|
182 if (r->connection->proxy_protocol == NULL) { |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
183 return NGX_DECLINED; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
184 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
185 |
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7077
diff
changeset
|
186 value = &r->connection->proxy_protocol->src_addr; |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
187 xfwd = NULL; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
188 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
189 break; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
190 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
191 default: /* NGX_HTTP_REALIP_HEADER */ |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
192 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
193 part = &r->headers_in.headers.part; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
194 header = part->elts; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
195 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
196 hash = rlcf->hash; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
197 len = rlcf->header.len; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
198 p = rlcf->header.data; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
199 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
200 for (i = 0; /* void */ ; i++) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
201 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
202 if (i >= part->nelts) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
203 if (part->next == NULL) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
204 break; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
205 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
206 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
207 part = part->next; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
208 header = part->elts; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
209 i = 0; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
210 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
211 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
212 if (hash == header[i].hash |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
213 && len == header[i].key.len |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
214 && ngx_strncmp(p, header[i].lowcase_key, len) == 0) |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
215 { |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
216 value = &header[i].value; |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
217 xfwd = NULL; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
218 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
219 goto found; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
220 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
221 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
222 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
223 return NGX_DECLINED; |
573 | 224 } |
225 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
226 found: |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
227 |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
228 c = r->connection; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
229 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
230 addr.sockaddr = c->sockaddr; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
231 addr.socklen = c->socklen; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
232 /* addr.name = c->addr_text; */ |
3274 | 233 |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
234 if (ngx_http_get_forwarded_addr(r, &addr, xfwd, value, rlcf->from, |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
235 rlcf->recursive) |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
236 != NGX_DECLINED) |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
237 { |
6563
26feae43987f
Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6562
diff
changeset
|
238 if (rlcf->type == NGX_HTTP_REALIP_PROXY) { |
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7077
diff
changeset
|
239 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port); |
6563
26feae43987f
Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6562
diff
changeset
|
240 } |
26feae43987f
Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6562
diff
changeset
|
241 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
242 return ngx_http_realip_set_addr(r, &addr); |
3274 | 243 } |
244 | |
245 return NGX_DECLINED; | |
246 } | |
247 | |
573 | 248 |
3274 | 249 static ngx_int_t |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
250 ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr) |
3274 | 251 { |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
252 size_t len; |
3274 | 253 u_char *p; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
254 u_char text[NGX_SOCKADDR_STRLEN]; |
3274 | 255 ngx_connection_t *c; |
256 ngx_pool_cleanup_t *cln; | |
257 ngx_http_realip_ctx_t *ctx; | |
573 | 258 |
3274 | 259 cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_realip_ctx_t)); |
260 if (cln == NULL) { | |
261 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
262 } | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
263 |
3274 | 264 ctx = cln->data; |
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
265 |
3274 | 266 c = r->connection; |
267 | |
5263
05ba5bce31e0
Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents:
5084
diff
changeset
|
268 len = ngx_sock_ntop(addr->sockaddr, addr->socklen, text, |
05ba5bce31e0
Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents:
5084
diff
changeset
|
269 NGX_SOCKADDR_STRLEN, 0); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
270 if (len == 0) { |
3274 | 271 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
272 } | |
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
273 |
3274 | 274 p = ngx_pnalloc(c->pool, len); |
275 if (p == NULL) { | |
276 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
277 } | |
1118
cec2866f29bd
a client address must be allocated from a connection pool
Igor Sysoev <igor@sysoev.ru>
parents:
1114
diff
changeset
|
278 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
279 ngx_memcpy(p, text, len); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
280 |
3274 | 281 cln->handler = ngx_http_realip_cleanup; |
6671
6b1b8c4b7a95
Realip: fixed uninitialized memory access.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
282 ngx_http_set_ctx(r, ctx, ngx_http_realip_module); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
283 |
3274 | 284 ctx->connection = c; |
285 ctx->sockaddr = c->sockaddr; | |
286 ctx->socklen = c->socklen; | |
287 ctx->addr_text = c->addr_text; | |
573 | 288 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
289 c->sockaddr = addr->sockaddr; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
290 c->socklen = addr->socklen; |
3274 | 291 c->addr_text.len = len; |
292 c->addr_text.data = p; | |
573 | 293 |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
294 return NGX_DECLINED; |
573 | 295 } |
296 | |
297 | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
298 static void |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
299 ngx_http_realip_cleanup(void *data) |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
300 { |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
301 ngx_http_realip_ctx_t *ctx = data; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
302 |
3273
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
303 ngx_connection_t *c; |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
304 |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
305 c = ctx->connection; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
306 |
3273
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
307 c->sockaddr = ctx->sockaddr; |
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
308 c->socklen = ctx->socklen; |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
309 c->addr_text = ctx->addr_text; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
310 } |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
311 |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
312 |
573 | 313 static char * |
314 ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
315 { | |
316 ngx_http_realip_loc_conf_t *rlcf = conf; | |
317 | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
318 ngx_int_t rc; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
319 ngx_str_t *value; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
320 ngx_url_t u; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
321 ngx_cidr_t c, *cidr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
322 ngx_uint_t i; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
323 struct sockaddr_in *sin; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
324 #if (NGX_HAVE_INET6) |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
325 struct sockaddr_in6 *sin6; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
326 #endif |
573 | 327 |
3274 | 328 value = cf->args->elts; |
329 | |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
330 if (rlcf->from == NULL) { |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
331 rlcf->from = ngx_array_create(cf->pool, 2, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
332 sizeof(ngx_cidr_t)); |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
333 if (rlcf->from == NULL) { |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
334 return NGX_CONF_ERROR; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
335 } |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
336 } |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
337 |
3274 | 338 #if (NGX_HAVE_UNIX_DOMAIN) |
339 | |
340 if (ngx_strcmp(value[1].data, "unix:") == 0) { | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
341 cidr = ngx_array_push(rlcf->from); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
342 if (cidr == NULL) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
343 return NGX_CONF_ERROR; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
344 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
345 |
6474 | 346 cidr->family = AF_UNIX; |
347 return NGX_CONF_OK; | |
3274 | 348 } |
349 | |
350 #endif | |
351 | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
352 rc = ngx_ptocidr(&value[1], &c); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
353 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
354 if (rc != NGX_ERROR) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
355 if (rc == NGX_DONE) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
356 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
357 "low address bits of %V are meaningless", |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
358 &value[1]); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
359 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
360 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
361 cidr = ngx_array_push(rlcf->from); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
362 if (cidr == NULL) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
363 return NGX_CONF_ERROR; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
364 } |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
365 |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
366 *cidr = c; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
367 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
368 return NGX_CONF_OK; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
369 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
370 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
371 ngx_memzero(&u, sizeof(ngx_url_t)); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
372 u.host = value[1]; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
373 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
374 if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
375 if (u.err) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
376 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
377 "%s in set_real_ip_from \"%V\"", |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
378 u.err, &u.host); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
379 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
380 |
573 | 381 return NGX_CONF_ERROR; |
382 } | |
383 | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
384 cidr = ngx_array_push_n(rlcf->from, u.naddrs); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
385 if (cidr == NULL) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
386 return NGX_CONF_ERROR; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
387 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
388 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
389 ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t)); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
390 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
391 for (i = 0; i < u.naddrs; i++) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
392 cidr[i].family = u.addrs[i].sockaddr->sa_family; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
393 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
394 switch (cidr[i].family) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
395 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
396 #if (NGX_HAVE_INET6) |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
397 case AF_INET6: |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
398 sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
399 cidr[i].u.in6.addr = sin6->sin6_addr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
400 ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
401 break; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
402 #endif |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
403 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
404 default: /* AF_INET */ |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
405 sin = (struct sockaddr_in *) u.addrs[i].sockaddr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
406 cidr[i].u.in.addr = sin->sin_addr.s_addr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
407 cidr[i].u.in.mask = 0xffffffff; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
408 break; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
409 } |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
410 } |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
411 |
573 | 412 return NGX_CONF_OK; |
413 } | |
414 | |
415 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
416 static char * |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
417 ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
418 { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
419 ngx_http_realip_loc_conf_t *rlcf = conf; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
420 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
421 ngx_str_t *value; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
422 |
6565
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
423 if (rlcf->type != NGX_CONF_UNSET_UINT) { |
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
424 return "is duplicate"; |
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
425 } |
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
426 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
427 value = cf->args->elts; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
428 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
429 if (ngx_strcmp(value[1].data, "X-Real-IP") == 0) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
430 rlcf->type = NGX_HTTP_REALIP_XREALIP; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
431 return NGX_CONF_OK; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
432 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
433 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
434 if (ngx_strcmp(value[1].data, "X-Forwarded-For") == 0) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
435 rlcf->type = NGX_HTTP_REALIP_XFWD; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
436 return NGX_CONF_OK; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
437 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
438 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
439 if (ngx_strcmp(value[1].data, "proxy_protocol") == 0) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
440 rlcf->type = NGX_HTTP_REALIP_PROXY; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
441 return NGX_CONF_OK; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
442 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
443 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
444 rlcf->type = NGX_HTTP_REALIP_HEADER; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
445 rlcf->hash = ngx_hash_strlow(value[1].data, value[1].data, value[1].len); |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
446 rlcf->header = value[1]; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
447 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
448 return NGX_CONF_OK; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
449 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
450 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
451 |
573 | 452 static void * |
453 ngx_http_realip_create_loc_conf(ngx_conf_t *cf) | |
454 { | |
455 ngx_http_realip_loc_conf_t *conf; | |
456 | |
457 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_realip_loc_conf_t)); | |
458 if (conf == NULL) { | |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2537
diff
changeset
|
459 return NULL; |
573 | 460 } |
461 | |
462 /* | |
463 * set by ngx_pcalloc(): | |
464 * | |
465 * conf->from = NULL; | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
466 * conf->hash = 0; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
467 * conf->header = { 0, NULL }; |
573 | 468 */ |
469 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
470 conf->type = NGX_CONF_UNSET_UINT; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
471 conf->recursive = NGX_CONF_UNSET; |
573 | 472 |
473 return conf; | |
474 } | |
475 | |
476 | |
477 static char * | |
478 ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) | |
479 { | |
480 ngx_http_realip_loc_conf_t *prev = parent; | |
481 ngx_http_realip_loc_conf_t *conf = child; | |
482 | |
483 if (conf->from == NULL) { | |
484 conf->from = prev->from; | |
3305
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
485 } |
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
486 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
487 ngx_conf_merge_uint_value(conf->type, prev->type, NGX_HTTP_REALIP_XREALIP); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
488 ngx_conf_merge_value(conf->recursive, prev->recursive, 0); |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
489 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
490 if (conf->header.len == 0) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
491 conf->hash = prev->hash; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
492 conf->header = prev->header; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
493 } |
573 | 494 |
495 return NGX_CONF_OK; | |
496 } | |
497 | |
498 | |
499 static ngx_int_t | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
500 ngx_http_realip_add_variables(ngx_conf_t *cf) |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
501 { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
502 ngx_http_variable_t *var, *v; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
503 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
504 for (v = ngx_http_realip_vars; v->name.len; v++) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
505 var = ngx_http_add_variable(cf, &v->name, v->flags); |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
506 if (var == NULL) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
507 return NGX_ERROR; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
508 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
509 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
510 var->get_handler = v->get_handler; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
511 var->data = v->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
512 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
513 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
514 return NGX_OK; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
515 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
516 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
517 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
518 static ngx_int_t |
681 | 519 ngx_http_realip_init(ngx_conf_t *cf) |
573 | 520 { |
521 ngx_http_handler_pt *h; | |
522 ngx_http_core_main_conf_t *cmcf; | |
523 | |
681 | 524 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); |
573 | 525 |
526 h = ngx_array_push(&cmcf->phases[NGX_HTTP_POST_READ_PHASE].handlers); | |
527 if (h == NULL) { | |
528 return NGX_ERROR; | |
529 } | |
530 | |
531 *h = ngx_http_realip_handler; | |
532 | |
581 | 533 h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers); |
573 | 534 if (h == NULL) { |
535 return NGX_ERROR; | |
536 } | |
537 | |
538 *h = ngx_http_realip_handler; | |
539 | |
540 return NGX_OK; | |
541 } | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
542 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
543 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
544 static ngx_http_realip_ctx_t * |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
545 ngx_http_realip_get_module_ctx(ngx_http_request_t *r) |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
546 { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
547 ngx_pool_cleanup_t *cln; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
548 ngx_http_realip_ctx_t *ctx; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
549 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
550 ctx = ngx_http_get_module_ctx(r, ngx_http_realip_module); |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
551 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
552 if (ctx == NULL && (r->internal || r->filter_finalize)) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
553 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
554 /* |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
555 * if module context was reset, the original address |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
556 * can still be found in the cleanup handler |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
557 */ |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
558 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
559 for (cln = r->pool->cleanup; cln; cln = cln->next) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
560 if (cln->handler == ngx_http_realip_cleanup) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
561 ctx = cln->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
562 break; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
563 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
564 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
565 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
566 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
567 return ctx; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
568 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
569 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
570 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
571 static ngx_int_t |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
572 ngx_http_realip_remote_addr_variable(ngx_http_request_t *r, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
573 ngx_http_variable_value_t *v, uintptr_t data) |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
574 { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
575 ngx_str_t *addr_text; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
576 ngx_http_realip_ctx_t *ctx; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
577 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
578 ctx = ngx_http_realip_get_module_ctx(r); |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
579 |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
580 addr_text = ctx ? &ctx->addr_text : &r->connection->addr_text; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
581 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
582 v->len = addr_text->len; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
583 v->valid = 1; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
584 v->no_cacheable = 0; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
585 v->not_found = 0; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
586 v->data = addr_text->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
587 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
588 return NGX_OK; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
589 } |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
590 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
591 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
592 static ngx_int_t |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
593 ngx_http_realip_remote_port_variable(ngx_http_request_t *r, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
594 ngx_http_variable_value_t *v, uintptr_t data) |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
595 { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
596 ngx_uint_t port; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
597 struct sockaddr *sa; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
598 ngx_http_realip_ctx_t *ctx; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
599 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
600 ctx = ngx_http_realip_get_module_ctx(r); |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
601 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
602 sa = ctx ? ctx->sockaddr : r->connection->sockaddr; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
603 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
604 v->len = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
605 v->valid = 1; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
606 v->no_cacheable = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
607 v->not_found = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
608 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
609 v->data = ngx_pnalloc(r->pool, sizeof("65535") - 1); |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
610 if (v->data == NULL) { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
611 return NGX_ERROR; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
612 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
613 |
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6565
diff
changeset
|
614 port = ngx_inet_get_port(sa); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
615 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
616 if (port > 0 && port < 65536) { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
617 v->len = ngx_sprintf(v->data, "%ui", port) - v->data; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
618 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
619 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
620 return NGX_OK; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
621 } |