Mercurial > hg > nginx-quic
annotate src/http/modules/ngx_http_realip_module.c @ 7152:3b635e8fd499
FastCGI: adjust buffer position when parsing incomplete records.
Previously, nginx failed to move buffer position when parsing an incomplete
record header, and due to this wasn't be able to continue parsing once
remaining bytes of the record header were received.
This can affect response header parsing, potentially generating spurious errors
like "upstream sent unexpected FastCGI request id high byte: 1 while reading
response header from upstream". While this is very unlikely, since usually
record headers are written in a single buffer, this still can happen in real
life, for example, if a record header will be split across two TCP packets
and the second packet will be delayed.
This does not affect non-buffered response body proxying, due to "buf->pos =
buf->last;" at the start of the ngx_http_fastcgi_non_buffered_filter()
function. Also this does not affect buffered response body proxying, as
each input buffer is only passed to the filter once.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 09 Nov 2017 15:35:20 +0300 |
parents | 2a288909abc6 |
children | 06b01840bd42 |
rev | line source |
---|---|
573 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
573 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_http.h> | |
11 | |
12 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
13 #define NGX_HTTP_REALIP_XREALIP 0 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
14 #define NGX_HTTP_REALIP_XFWD 1 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
15 #define NGX_HTTP_REALIP_HEADER 2 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
16 #define NGX_HTTP_REALIP_PROXY 3 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
17 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
18 |
573 | 19 typedef struct { |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
20 ngx_array_t *from; /* array of ngx_cidr_t */ |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
21 ngx_uint_t type; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
22 ngx_uint_t hash; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
23 ngx_str_t header; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
24 ngx_flag_t recursive; |
573 | 25 } ngx_http_realip_loc_conf_t; |
26 | |
27 | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
28 typedef struct { |
3274 | 29 ngx_connection_t *connection; |
30 struct sockaddr *sockaddr; | |
31 socklen_t socklen; | |
32 ngx_str_t addr_text; | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
33 } ngx_http_realip_ctx_t; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
34 |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
35 |
573 | 36 static ngx_int_t ngx_http_realip_handler(ngx_http_request_t *r); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
37 static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
38 ngx_addr_t *addr); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
39 static void ngx_http_realip_cleanup(void *data); |
573 | 40 static char *ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, |
41 void *conf); | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
42 static char *ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
573 | 43 static void *ngx_http_realip_create_loc_conf(ngx_conf_t *cf); |
44 static char *ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, | |
45 void *parent, void *child); | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
46 static ngx_int_t ngx_http_realip_add_variables(ngx_conf_t *cf); |
681 | 47 static ngx_int_t ngx_http_realip_init(ngx_conf_t *cf); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
48 static ngx_http_realip_ctx_t *ngx_http_realip_get_module_ctx( |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
49 ngx_http_request_t *r); |
573 | 50 |
51 | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
52 static ngx_int_t ngx_http_realip_remote_addr_variable(ngx_http_request_t *r, |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
53 ngx_http_variable_value_t *v, uintptr_t data); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
54 static ngx_int_t ngx_http_realip_remote_port_variable(ngx_http_request_t *r, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
55 ngx_http_variable_value_t *v, uintptr_t data); |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
56 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
57 |
573 | 58 static ngx_command_t ngx_http_realip_commands[] = { |
59 | |
60 { ngx_string("set_real_ip_from"), | |
61 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
62 ngx_http_realip_from, | |
63 NGX_HTTP_LOC_CONF_OFFSET, | |
64 0, | |
65 NULL }, | |
66 | |
67 { ngx_string("real_ip_header"), | |
68 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
69 ngx_http_realip, |
573 | 70 NGX_HTTP_LOC_CONF_OFFSET, |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
71 0, |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
72 NULL }, |
573 | 73 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
74 { ngx_string("real_ip_recursive"), |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
75 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
76 ngx_conf_set_flag_slot, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
77 NGX_HTTP_LOC_CONF_OFFSET, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
78 offsetof(ngx_http_realip_loc_conf_t, recursive), |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
79 NULL }, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
80 |
573 | 81 ngx_null_command |
82 }; | |
83 | |
84 | |
85 | |
667 | 86 static ngx_http_module_t ngx_http_realip_module_ctx = { |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
87 ngx_http_realip_add_variables, /* preconfiguration */ |
681 | 88 ngx_http_realip_init, /* postconfiguration */ |
573 | 89 |
90 NULL, /* create main configuration */ | |
91 NULL, /* init main configuration */ | |
92 | |
93 NULL, /* create server configuration */ | |
94 NULL, /* merge server configuration */ | |
95 | |
96 ngx_http_realip_create_loc_conf, /* create location configuration */ | |
97 ngx_http_realip_merge_loc_conf /* merge location configuration */ | |
98 }; | |
99 | |
100 | |
101 ngx_module_t ngx_http_realip_module = { | |
102 NGX_MODULE_V1, | |
103 &ngx_http_realip_module_ctx, /* module context */ | |
104 ngx_http_realip_commands, /* module directives */ | |
105 NGX_HTTP_MODULE, /* module type */ | |
106 NULL, /* init master */ | |
681 | 107 NULL, /* init module */ |
573 | 108 NULL, /* init process */ |
109 NULL, /* init thread */ | |
110 NULL, /* exit thread */ | |
111 NULL, /* exit process */ | |
112 NULL, /* exit master */ | |
113 NGX_MODULE_V1_PADDING | |
114 }; | |
115 | |
116 | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
117 static ngx_http_variable_t ngx_http_realip_vars[] = { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
118 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
119 { ngx_string("realip_remote_addr"), NULL, |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
120 ngx_http_realip_remote_addr_variable, 0, 0, 0 }, |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
121 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
122 { ngx_string("realip_remote_port"), NULL, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
123 ngx_http_realip_remote_port_variable, 0, 0, 0 }, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
124 |
7077
2a288909abc6
Variables: macros for null variables.
Ruslan Ermilov <ru@nginx.com>
parents:
6997
diff
changeset
|
125 ngx_http_null_variable |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
126 }; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
127 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
128 |
573 | 129 static ngx_int_t |
130 ngx_http_realip_handler(ngx_http_request_t *r) | |
131 { | |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
132 u_char *p; |
573 | 133 size_t len; |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
134 ngx_str_t *value; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
135 ngx_uint_t i, hash; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
136 ngx_addr_t addr; |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
137 ngx_array_t *xfwd; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
138 ngx_list_part_t *part; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
139 ngx_table_elt_t *header; |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
140 ngx_connection_t *c; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
141 ngx_http_realip_ctx_t *ctx; |
573 | 142 ngx_http_realip_loc_conf_t *rlcf; |
143 | |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
144 rlcf = ngx_http_get_module_loc_conf(r, ngx_http_realip_module); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
145 |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
146 if (rlcf->from == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
147 return NGX_DECLINED; |
573 | 148 } |
149 | |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
150 ctx = ngx_http_realip_get_module_ctx(r); |
573 | 151 |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
152 if (ctx) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
153 return NGX_DECLINED; |
573 | 154 } |
155 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
156 switch (rlcf->type) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
157 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
158 case NGX_HTTP_REALIP_XREALIP: |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
159 |
573 | 160 if (r->headers_in.x_real_ip == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
161 return NGX_DECLINED; |
573 | 162 } |
163 | |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
164 value = &r->headers_in.x_real_ip->value; |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
165 xfwd = NULL; |
573 | 166 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
167 break; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
168 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
169 case NGX_HTTP_REALIP_XFWD: |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
170 |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
171 xfwd = &r->headers_in.x_forwarded_for; |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
172 |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
173 if (xfwd->elts == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
174 return NGX_DECLINED; |
573 | 175 } |
176 | |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
177 value = NULL; |
573 | 178 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
179 break; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
180 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
181 case NGX_HTTP_REALIP_PROXY: |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
182 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
183 value = &r->connection->proxy_protocol_addr; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
184 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
185 if (value->len == 0) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
186 return NGX_DECLINED; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
187 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
188 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
189 xfwd = NULL; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
190 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
191 break; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
192 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
193 default: /* NGX_HTTP_REALIP_HEADER */ |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
194 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
195 part = &r->headers_in.headers.part; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
196 header = part->elts; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
197 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
198 hash = rlcf->hash; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
199 len = rlcf->header.len; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
200 p = rlcf->header.data; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
201 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
202 for (i = 0; /* void */ ; i++) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
203 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
204 if (i >= part->nelts) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
205 if (part->next == NULL) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
206 break; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
207 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
208 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
209 part = part->next; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
210 header = part->elts; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
211 i = 0; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
212 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
213 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
214 if (hash == header[i].hash |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
215 && len == header[i].key.len |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
216 && ngx_strncmp(p, header[i].lowcase_key, len) == 0) |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
217 { |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
218 value = &header[i].value; |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
219 xfwd = NULL; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
220 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
221 goto found; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
222 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
223 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
224 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
225 return NGX_DECLINED; |
573 | 226 } |
227 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
228 found: |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
229 |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
230 c = r->connection; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
231 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
232 addr.sockaddr = c->sockaddr; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
233 addr.socklen = c->socklen; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
234 /* addr.name = c->addr_text; */ |
3274 | 235 |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
236 if (ngx_http_get_forwarded_addr(r, &addr, xfwd, value, rlcf->from, |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
237 rlcf->recursive) |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
238 != NGX_DECLINED) |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
239 { |
6563
26feae43987f
Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6562
diff
changeset
|
240 if (rlcf->type == NGX_HTTP_REALIP_PROXY) { |
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6565
diff
changeset
|
241 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port); |
6563
26feae43987f
Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6562
diff
changeset
|
242 } |
26feae43987f
Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6562
diff
changeset
|
243 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
244 return ngx_http_realip_set_addr(r, &addr); |
3274 | 245 } |
246 | |
247 return NGX_DECLINED; | |
248 } | |
249 | |
573 | 250 |
3274 | 251 static ngx_int_t |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
252 ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr) |
3274 | 253 { |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
254 size_t len; |
3274 | 255 u_char *p; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
256 u_char text[NGX_SOCKADDR_STRLEN]; |
3274 | 257 ngx_connection_t *c; |
258 ngx_pool_cleanup_t *cln; | |
259 ngx_http_realip_ctx_t *ctx; | |
573 | 260 |
3274 | 261 cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_realip_ctx_t)); |
262 if (cln == NULL) { | |
263 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
264 } | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
265 |
3274 | 266 ctx = cln->data; |
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
267 |
3274 | 268 c = r->connection; |
269 | |
5263
05ba5bce31e0
Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents:
5084
diff
changeset
|
270 len = ngx_sock_ntop(addr->sockaddr, addr->socklen, text, |
05ba5bce31e0
Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents:
5084
diff
changeset
|
271 NGX_SOCKADDR_STRLEN, 0); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
272 if (len == 0) { |
3274 | 273 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
274 } | |
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
275 |
3274 | 276 p = ngx_pnalloc(c->pool, len); |
277 if (p == NULL) { | |
278 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
279 } | |
1118
cec2866f29bd
a client address must be allocated from a connection pool
Igor Sysoev <igor@sysoev.ru>
parents:
1114
diff
changeset
|
280 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
281 ngx_memcpy(p, text, len); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
282 |
3274 | 283 cln->handler = ngx_http_realip_cleanup; |
6671
6b1b8c4b7a95
Realip: fixed uninitialized memory access.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
284 ngx_http_set_ctx(r, ctx, ngx_http_realip_module); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
285 |
3274 | 286 ctx->connection = c; |
287 ctx->sockaddr = c->sockaddr; | |
288 ctx->socklen = c->socklen; | |
289 ctx->addr_text = c->addr_text; | |
573 | 290 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
291 c->sockaddr = addr->sockaddr; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
292 c->socklen = addr->socklen; |
3274 | 293 c->addr_text.len = len; |
294 c->addr_text.data = p; | |
573 | 295 |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
296 return NGX_DECLINED; |
573 | 297 } |
298 | |
299 | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
300 static void |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
301 ngx_http_realip_cleanup(void *data) |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
302 { |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
303 ngx_http_realip_ctx_t *ctx = data; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
304 |
3273
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
305 ngx_connection_t *c; |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
306 |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
307 c = ctx->connection; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
308 |
3273
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
309 c->sockaddr = ctx->sockaddr; |
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
310 c->socklen = ctx->socklen; |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
311 c->addr_text = ctx->addr_text; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
312 } |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
313 |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
314 |
573 | 315 static char * |
316 ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
317 { | |
318 ngx_http_realip_loc_conf_t *rlcf = conf; | |
319 | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
320 ngx_int_t rc; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
321 ngx_str_t *value; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
322 ngx_url_t u; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
323 ngx_cidr_t c, *cidr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
324 ngx_uint_t i; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
325 struct sockaddr_in *sin; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
326 #if (NGX_HAVE_INET6) |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
327 struct sockaddr_in6 *sin6; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
328 #endif |
573 | 329 |
3274 | 330 value = cf->args->elts; |
331 | |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
332 if (rlcf->from == NULL) { |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
333 rlcf->from = ngx_array_create(cf->pool, 2, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
334 sizeof(ngx_cidr_t)); |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
335 if (rlcf->from == NULL) { |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
336 return NGX_CONF_ERROR; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
337 } |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
338 } |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
339 |
3274 | 340 #if (NGX_HAVE_UNIX_DOMAIN) |
341 | |
342 if (ngx_strcmp(value[1].data, "unix:") == 0) { | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
343 cidr = ngx_array_push(rlcf->from); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
344 if (cidr == NULL) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
345 return NGX_CONF_ERROR; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
346 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
347 |
6474 | 348 cidr->family = AF_UNIX; |
349 return NGX_CONF_OK; | |
3274 | 350 } |
351 | |
352 #endif | |
353 | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
354 rc = ngx_ptocidr(&value[1], &c); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
355 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
356 if (rc != NGX_ERROR) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
357 if (rc == NGX_DONE) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
358 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
359 "low address bits of %V are meaningless", |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
360 &value[1]); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
361 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
362 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
363 cidr = ngx_array_push(rlcf->from); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
364 if (cidr == NULL) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
365 return NGX_CONF_ERROR; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
366 } |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
367 |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
368 *cidr = c; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
369 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
370 return NGX_CONF_OK; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
371 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
372 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
373 ngx_memzero(&u, sizeof(ngx_url_t)); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
374 u.host = value[1]; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
375 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
376 if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
377 if (u.err) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
378 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
379 "%s in set_real_ip_from \"%V\"", |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
380 u.err, &u.host); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
381 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
382 |
573 | 383 return NGX_CONF_ERROR; |
384 } | |
385 | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
386 cidr = ngx_array_push_n(rlcf->from, u.naddrs); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
387 if (cidr == NULL) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
388 return NGX_CONF_ERROR; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
389 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
390 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
391 ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t)); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
392 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
393 for (i = 0; i < u.naddrs; i++) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
394 cidr[i].family = u.addrs[i].sockaddr->sa_family; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
395 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
396 switch (cidr[i].family) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
397 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
398 #if (NGX_HAVE_INET6) |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
399 case AF_INET6: |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
400 sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
401 cidr[i].u.in6.addr = sin6->sin6_addr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
402 ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
403 break; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
404 #endif |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
405 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
406 default: /* AF_INET */ |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
407 sin = (struct sockaddr_in *) u.addrs[i].sockaddr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
408 cidr[i].u.in.addr = sin->sin_addr.s_addr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
409 cidr[i].u.in.mask = 0xffffffff; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
410 break; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
411 } |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
412 } |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
413 |
573 | 414 return NGX_CONF_OK; |
415 } | |
416 | |
417 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
418 static char * |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
419 ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
420 { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
421 ngx_http_realip_loc_conf_t *rlcf = conf; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
422 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
423 ngx_str_t *value; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
424 |
6565
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
425 if (rlcf->type != NGX_CONF_UNSET_UINT) { |
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
426 return "is duplicate"; |
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
427 } |
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
428 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
429 value = cf->args->elts; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
430 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
431 if (ngx_strcmp(value[1].data, "X-Real-IP") == 0) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
432 rlcf->type = NGX_HTTP_REALIP_XREALIP; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
433 return NGX_CONF_OK; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
434 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
435 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
436 if (ngx_strcmp(value[1].data, "X-Forwarded-For") == 0) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
437 rlcf->type = NGX_HTTP_REALIP_XFWD; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
438 return NGX_CONF_OK; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
439 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
440 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
441 if (ngx_strcmp(value[1].data, "proxy_protocol") == 0) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
442 rlcf->type = NGX_HTTP_REALIP_PROXY; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
443 return NGX_CONF_OK; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
444 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
445 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
446 rlcf->type = NGX_HTTP_REALIP_HEADER; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
447 rlcf->hash = ngx_hash_strlow(value[1].data, value[1].data, value[1].len); |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
448 rlcf->header = value[1]; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
449 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
450 return NGX_CONF_OK; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
451 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
452 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
453 |
573 | 454 static void * |
455 ngx_http_realip_create_loc_conf(ngx_conf_t *cf) | |
456 { | |
457 ngx_http_realip_loc_conf_t *conf; | |
458 | |
459 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_realip_loc_conf_t)); | |
460 if (conf == NULL) { | |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2537
diff
changeset
|
461 return NULL; |
573 | 462 } |
463 | |
464 /* | |
465 * set by ngx_pcalloc(): | |
466 * | |
467 * conf->from = NULL; | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
468 * conf->hash = 0; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
469 * conf->header = { 0, NULL }; |
573 | 470 */ |
471 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
472 conf->type = NGX_CONF_UNSET_UINT; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
473 conf->recursive = NGX_CONF_UNSET; |
573 | 474 |
475 return conf; | |
476 } | |
477 | |
478 | |
479 static char * | |
480 ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) | |
481 { | |
482 ngx_http_realip_loc_conf_t *prev = parent; | |
483 ngx_http_realip_loc_conf_t *conf = child; | |
484 | |
485 if (conf->from == NULL) { | |
486 conf->from = prev->from; | |
3305
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
487 } |
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
488 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
489 ngx_conf_merge_uint_value(conf->type, prev->type, NGX_HTTP_REALIP_XREALIP); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
490 ngx_conf_merge_value(conf->recursive, prev->recursive, 0); |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
491 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
492 if (conf->header.len == 0) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
493 conf->hash = prev->hash; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
494 conf->header = prev->header; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
495 } |
573 | 496 |
497 return NGX_CONF_OK; | |
498 } | |
499 | |
500 | |
501 static ngx_int_t | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
502 ngx_http_realip_add_variables(ngx_conf_t *cf) |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
503 { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
504 ngx_http_variable_t *var, *v; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
505 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
506 for (v = ngx_http_realip_vars; v->name.len; v++) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
507 var = ngx_http_add_variable(cf, &v->name, v->flags); |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
508 if (var == NULL) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
509 return NGX_ERROR; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
510 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
511 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
512 var->get_handler = v->get_handler; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
513 var->data = v->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
514 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
515 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
516 return NGX_OK; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
517 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
518 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
519 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
520 static ngx_int_t |
681 | 521 ngx_http_realip_init(ngx_conf_t *cf) |
573 | 522 { |
523 ngx_http_handler_pt *h; | |
524 ngx_http_core_main_conf_t *cmcf; | |
525 | |
681 | 526 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); |
573 | 527 |
528 h = ngx_array_push(&cmcf->phases[NGX_HTTP_POST_READ_PHASE].handlers); | |
529 if (h == NULL) { | |
530 return NGX_ERROR; | |
531 } | |
532 | |
533 *h = ngx_http_realip_handler; | |
534 | |
581 | 535 h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers); |
573 | 536 if (h == NULL) { |
537 return NGX_ERROR; | |
538 } | |
539 | |
540 *h = ngx_http_realip_handler; | |
541 | |
542 return NGX_OK; | |
543 } | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
544 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
545 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
546 static ngx_http_realip_ctx_t * |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
547 ngx_http_realip_get_module_ctx(ngx_http_request_t *r) |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
548 { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
549 ngx_pool_cleanup_t *cln; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
550 ngx_http_realip_ctx_t *ctx; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
551 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
552 ctx = ngx_http_get_module_ctx(r, ngx_http_realip_module); |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
553 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
554 if (ctx == NULL && (r->internal || r->filter_finalize)) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
555 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
556 /* |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
557 * if module context was reset, the original address |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
558 * can still be found in the cleanup handler |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
559 */ |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
560 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
561 for (cln = r->pool->cleanup; cln; cln = cln->next) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
562 if (cln->handler == ngx_http_realip_cleanup) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
563 ctx = cln->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
564 break; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
565 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
566 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
567 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
568 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
569 return ctx; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
570 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
571 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
572 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
573 static ngx_int_t |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
574 ngx_http_realip_remote_addr_variable(ngx_http_request_t *r, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
575 ngx_http_variable_value_t *v, uintptr_t data) |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
576 { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
577 ngx_str_t *addr_text; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
578 ngx_http_realip_ctx_t *ctx; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
579 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
580 ctx = ngx_http_realip_get_module_ctx(r); |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
581 |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
582 addr_text = ctx ? &ctx->addr_text : &r->connection->addr_text; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
583 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
584 v->len = addr_text->len; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
585 v->valid = 1; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
586 v->no_cacheable = 0; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
587 v->not_found = 0; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
588 v->data = addr_text->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
589 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
590 return NGX_OK; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
591 } |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
592 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
593 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
594 static ngx_int_t |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
595 ngx_http_realip_remote_port_variable(ngx_http_request_t *r, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
596 ngx_http_variable_value_t *v, uintptr_t data) |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
597 { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
598 ngx_uint_t port; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
599 struct sockaddr *sa; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
600 ngx_http_realip_ctx_t *ctx; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
601 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
602 ctx = ngx_http_realip_get_module_ctx(r); |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
603 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
604 sa = ctx ? ctx->sockaddr : r->connection->sockaddr; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
605 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
606 v->len = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
607 v->valid = 1; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
608 v->no_cacheable = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
609 v->not_found = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
610 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
611 v->data = ngx_pnalloc(r->pool, sizeof("65535") - 1); |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
612 if (v->data == NULL) { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
613 return NGX_ERROR; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
614 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
615 |
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6565
diff
changeset
|
616 port = ngx_inet_get_port(sa); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
617 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
618 if (port > 0 && port < 65536) { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
619 v->len = ngx_sprintf(v->data, "%ui", port) - v->data; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
620 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
621 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
622 return NGX_OK; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
623 } |