Mercurial > hg > nginx

annotate src/http/modules/ngx_http_realip_module.c @ 7732:59e1c73fe02b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: ssl_reject_handshake directive (ticket #195). In some cases it might be needed to reject SSL handshake based on SNI server name provided, for example, to make sure an invalid certificate is not returned to clients trying to contact a name-based virtual server without SSL configured. Previously, a "ssl_ciphers aNULL;" was used for this. This workaround, however, is not compatible with TLSv1.3, in particular, when using BoringSSL, where it is not possible to configure TLSv1.3 ciphers at all. With this change, the ssl_reject_handshake directive is introduced, which instructs nginx to reject SSL handshakes with an "unrecognized_name" alert in a particular server block. For example, to reject handshake with names other than example.com, one can use the following configuration: server { listen 443 ssl; ssl_reject_handshake on; } server { listen 443 ssl; server_name example.com; ssl_certificate example.com.crt; ssl_certificate_key example.com.key; } The following configuration can be used to reject all SSL handshakes without SNI server name provided: server { listen 443 ssl; ssl_reject_handshake on; } server { listen 443 ssl; server_name ~^; ssl_certificate example.crt; ssl_certificate_key example.key; } Additionally, the ssl_reject_handshake directive makes configuring certificates for the default server block optional. If no certificates are configured in the default server for a given listening socket, certificates must be defined in all non-default server blocks with the listening socket in question.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 22 Oct 2020 18:02:28 +0300
parents 06b01840bd42
children ef6a3a99a81a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
1
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
2 /*
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
3 * Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 3305
diff changeset
4 * Copyright (C) Nginx, Inc.
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
5 */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 #include <ngx_config.h>
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 #include <ngx_core.h>
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
10 #include <ngx_http.h>
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
11
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
12
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
13 #define NGX_HTTP_REALIP_XREALIP 0
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
14 #define NGX_HTTP_REALIP_XFWD 1
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
15 #define NGX_HTTP_REALIP_HEADER 2
5605
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
16 #define NGX_HTTP_REALIP_PROXY 3
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
17
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
18
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
19 typedef struct {
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
20 ngx_array_t *from; /* array of ngx_cidr_t */
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
21 ngx_uint_t type;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
22 ngx_uint_t hash;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
23 ngx_str_t header;
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
24 ngx_flag_t recursive;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
25 } ngx_http_realip_loc_conf_t;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
26
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
27
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
28 typedef struct {
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
29 ngx_connection_t *connection;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
30 struct sockaddr *sockaddr;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
31 socklen_t socklen;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
32 ngx_str_t addr_text;
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
33 } ngx_http_realip_ctx_t;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
34
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
35
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
36 static ngx_int_t ngx_http_realip_handler(ngx_http_request_t *r);
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
37 static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
38 ngx_addr_t *addr);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
39 static void ngx_http_realip_cleanup(void *data);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
40 static char *ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
41 void *conf);
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
42 static char *ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
43 static void *ngx_http_realip_create_loc_conf(ngx_conf_t *cf);
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
44 static char *ngx_http_realip_merge_loc_conf(ngx_conf_t *cf,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
45 void *parent, void *child);
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
46 static ngx_int_t ngx_http_realip_add_variables(ngx_conf_t *cf);
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
47 static ngx_int_t ngx_http_realip_init(ngx_conf_t *cf);
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
48 static ngx_http_realip_ctx_t *ngx_http_realip_get_module_ctx(
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
49 ngx_http_request_t *r);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
50
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
51
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
52 static ngx_int_t ngx_http_realip_remote_addr_variable(ngx_http_request_t *r,
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
53 ngx_http_variable_value_t *v, uintptr_t data);
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
54 static ngx_int_t ngx_http_realip_remote_port_variable(ngx_http_request_t *r,
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
55 ngx_http_variable_value_t *v, uintptr_t data);
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
56
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
57
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
58 static ngx_command_t ngx_http_realip_commands[] = {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
59
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
60 { ngx_string("set_real_ip_from"),
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
61 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
62 ngx_http_realip_from,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
63 NGX_HTTP_LOC_CONF_OFFSET,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
64 0,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
65 NULL },
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
66
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
67 { ngx_string("real_ip_header"),
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
68 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
69 ngx_http_realip,
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
70 NGX_HTTP_LOC_CONF_OFFSET,
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
71 0,
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
72 NULL },
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
73
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
74 { ngx_string("real_ip_recursive"),
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
75 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
76 ngx_conf_set_flag_slot,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
77 NGX_HTTP_LOC_CONF_OFFSET,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
78 offsetof(ngx_http_realip_loc_conf_t, recursive),
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
79 NULL },
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
80
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
81 ngx_null_command
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
82 };
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
83
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
84
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
85
667
63a820b0bc6c nginx-0.3.55-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 663
diff changeset
86 static ngx_http_module_t ngx_http_realip_module_ctx = {
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
87 ngx_http_realip_add_variables, /* preconfiguration */
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
88 ngx_http_realip_init, /* postconfiguration */
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
89
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
90 NULL, /* create main configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
91 NULL, /* init main configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
92
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
93 NULL, /* create server configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
94 NULL, /* merge server configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
95
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
96 ngx_http_realip_create_loc_conf, /* create location configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
97 ngx_http_realip_merge_loc_conf /* merge location configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
98 };
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
99
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
100
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
101 ngx_module_t ngx_http_realip_module = {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
102 NGX_MODULE_V1,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
103 &ngx_http_realip_module_ctx, /* module context */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
104 ngx_http_realip_commands, /* module directives */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
105 NGX_HTTP_MODULE, /* module type */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
106 NULL, /* init master */
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
107 NULL, /* init module */
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
108 NULL, /* init process */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
109 NULL, /* init thread */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
110 NULL, /* exit thread */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
111 NULL, /* exit process */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
112 NULL, /* exit master */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
113 NGX_MODULE_V1_PADDING
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
114 };
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
115
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
116
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
117 static ngx_http_variable_t ngx_http_realip_vars[] = {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
118
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
119 { ngx_string("realip_remote_addr"), NULL,
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
120 ngx_http_realip_remote_addr_variable, 0, 0, 0 },
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
121
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
122 { ngx_string("realip_remote_port"), NULL,
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
123 ngx_http_realip_remote_port_variable, 0, 0, 0 },
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
124
7077
2a288909abc6 Variables: macros for null variables.
Ruslan Ermilov <ru@nginx.com>
parents: 6997
diff changeset
125 ngx_http_null_variable
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
126 };
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
127
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
128
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
129 static ngx_int_t
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
130 ngx_http_realip_handler(ngx_http_request_t *r)
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
131 {
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
132 u_char *p;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
133 size_t len;
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
134 ngx_str_t *value;
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
135 ngx_uint_t i, hash;
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
136 ngx_addr_t addr;
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
137 ngx_array_t *xfwd;
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
138 ngx_list_part_t *part;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
139 ngx_table_elt_t *header;
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
140 ngx_connection_t *c;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
141 ngx_http_realip_ctx_t *ctx;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
142 ngx_http_realip_loc_conf_t *rlcf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
143
6729
cecf415643d7 Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6671
diff changeset
144 rlcf = ngx_http_get_module_loc_conf(r, ngx_http_realip_module);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
145
6729
cecf415643d7 Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6671
diff changeset
146 if (rlcf->from == NULL) {
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
147 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
148 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
149
6729
cecf415643d7 Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6671
diff changeset
150 ctx = ngx_http_realip_get_module_ctx(r);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
151
6729
cecf415643d7 Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6671
diff changeset
152 if (ctx) {
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
153 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
154 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
155
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
156 switch (rlcf->type) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
157
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
158 case NGX_HTTP_REALIP_XREALIP:
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
159
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
160 if (r->headers_in.x_real_ip == NULL) {
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
161 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
162 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
163
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
164 value = &r->headers_in.x_real_ip->value;
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
165 xfwd = NULL;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
166
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
167 break;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
168
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
169 case NGX_HTTP_REALIP_XFWD:
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
170
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
171 xfwd = &r->headers_in.x_forwarded_for;
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
172
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
173 if (xfwd->elts == NULL) {
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
174 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
175 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
176
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
177 value = NULL;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
178
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
179 break;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
180
5605
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
181 case NGX_HTTP_REALIP_PROXY:
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
182
7590
06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents: 7077
diff changeset
183 if (r->connection->proxy_protocol == NULL) {
5605
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
184 return NGX_DECLINED;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
185 }
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
186
7590
06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents: 7077
diff changeset
187 value = &r->connection->proxy_protocol->src_addr;
5605
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
188 xfwd = NULL;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
189
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
190 break;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
191
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
192 default: /* NGX_HTTP_REALIP_HEADER */
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
193
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
194 part = &r->headers_in.headers.part;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
195 header = part->elts;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
196
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
197 hash = rlcf->hash;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
198 len = rlcf->header.len;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
199 p = rlcf->header.data;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
200
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
201 for (i = 0; /* void */ ; i++) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
202
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
203 if (i >= part->nelts) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
204 if (part->next == NULL) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
205 break;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
206 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
207
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
208 part = part->next;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
209 header = part->elts;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
210 i = 0;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
211 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
212
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
213 if (hash == header[i].hash
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
214 && len == header[i].key.len
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
215 && ngx_strncmp(p, header[i].lowcase_key, len) == 0)
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
216 {
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
217 value = &header[i].value;
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
218 xfwd = NULL;
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
219
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
220 goto found;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
221 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
222 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
223
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
224 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
225 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
226
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
227 found:
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
228
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
229 c = r->connection;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
230
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
231 addr.sockaddr = c->sockaddr;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
232 addr.socklen = c->socklen;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
233 /* addr.name = c->addr_text; */
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
234
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
235 if (ngx_http_get_forwarded_addr(r, &addr, xfwd, value, rlcf->from,
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
236 rlcf->recursive)
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
237 != NGX_DECLINED)
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
238 {
6563
26feae43987f Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6562
diff changeset
239 if (rlcf->type == NGX_HTTP_REALIP_PROXY) {
7590
06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents: 7077
diff changeset
240 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
6563
26feae43987f Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6562
diff changeset
241 }
26feae43987f Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6562
diff changeset
242
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
243 return ngx_http_realip_set_addr(r, &addr);
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
244 }
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
245
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
246 return NGX_DECLINED;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
247 }
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
248
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
249
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
250 static ngx_int_t
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
251 ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr)
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
252 {
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
253 size_t len;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
254 u_char *p;
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
255 u_char text[NGX_SOCKADDR_STRLEN];
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
256 ngx_connection_t *c;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
257 ngx_pool_cleanup_t *cln;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
258 ngx_http_realip_ctx_t *ctx;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
259
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
260 cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_realip_ctx_t));
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
261 if (cln == NULL) {
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
262 return NGX_HTTP_INTERNAL_SERVER_ERROR;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
263 }
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
264
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
265 ctx = cln->data;
1114
3f354952e91d fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents: 986
diff changeset
266
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
267 c = r->connection;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
268
5263
05ba5bce31e0 Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents: 5084
diff changeset
269 len = ngx_sock_ntop(addr->sockaddr, addr->socklen, text,
05ba5bce31e0 Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents: 5084
diff changeset
270 NGX_SOCKADDR_STRLEN, 0);
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
271 if (len == 0) {
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
272 return NGX_HTTP_INTERNAL_SERVER_ERROR;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
273 }
1114
3f354952e91d fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents: 986
diff changeset
274
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
275 p = ngx_pnalloc(c->pool, len);
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
276 if (p == NULL) {
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
277 return NGX_HTTP_INTERNAL_SERVER_ERROR;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
278 }
1118
cec2866f29bd a client address must be allocated from a connection pool
Igor Sysoev <igor@sysoev.ru>
parents: 1114
diff changeset
279
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
280 ngx_memcpy(p, text, len);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
281
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
282 cln->handler = ngx_http_realip_cleanup;
6671
6b1b8c4b7a95 Realip: fixed uninitialized memory access.
Roman Arutyunyan <arut@nginx.com>
parents: 6593
diff changeset
283 ngx_http_set_ctx(r, ctx, ngx_http_realip_module);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
284
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
285 ctx->connection = c;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
286 ctx->sockaddr = c->sockaddr;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
287 ctx->socklen = c->socklen;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
288 ctx->addr_text = c->addr_text;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
289
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
290 c->sockaddr = addr->sockaddr;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
291 c->socklen = addr->socklen;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
292 c->addr_text.len = len;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
293 c->addr_text.data = p;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
294
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
295 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
296 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
297
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
298
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
299 static void
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
300 ngx_http_realip_cleanup(void *data)
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
301 {
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
302 ngx_http_realip_ctx_t *ctx = data;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
303
3273
fe71be4a02f1 support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents: 3267
diff changeset
304 ngx_connection_t *c;
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
305
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
306 c = ctx->connection;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
307
3273
fe71be4a02f1 support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents: 3267
diff changeset
308 c->sockaddr = ctx->sockaddr;
fe71be4a02f1 support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents: 3267
diff changeset
309 c->socklen = ctx->socklen;
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
310 c->addr_text = ctx->addr_text;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
311 }
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
312
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
313
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
314 static char *
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
315 ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
316 {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
317 ngx_http_realip_loc_conf_t *rlcf = conf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
318
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
319 ngx_int_t rc;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
320 ngx_str_t *value;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
321 ngx_url_t u;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
322 ngx_cidr_t c, *cidr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
323 ngx_uint_t i;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
324 struct sockaddr_in *sin;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
325 #if (NGX_HAVE_INET6)
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
326 struct sockaddr_in6 *sin6;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
327 #endif
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
328
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
329 value = cf->args->elts;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
330
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
331 if (rlcf->from == NULL) {
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
332 rlcf->from = ngx_array_create(cf->pool, 2,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
333 sizeof(ngx_cidr_t));
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
334 if (rlcf->from == NULL) {
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
335 return NGX_CONF_ERROR;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
336 }
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
337 }
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
338
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
339 #if (NGX_HAVE_UNIX_DOMAIN)
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
340
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
341 if (ngx_strcmp(value[1].data, "unix:") == 0) {
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
342 cidr = ngx_array_push(rlcf->from);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
343 if (cidr == NULL) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
344 return NGX_CONF_ERROR;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
345 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
346
6474
Ruslan Ermilov <ru@nginx.com>
parents: 6294
diff changeset
347 cidr->family = AF_UNIX;
Ruslan Ermilov <ru@nginx.com>
parents: 6294
diff changeset
348 return NGX_CONF_OK;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
349 }
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
350
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
351 #endif
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
352
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
353 rc = ngx_ptocidr(&value[1], &c);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
354
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
355 if (rc != NGX_ERROR) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
356 if (rc == NGX_DONE) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
357 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
358 "low address bits of %V are meaningless",
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
359 &value[1]);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
360 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
361
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
362 cidr = ngx_array_push(rlcf->from);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
363 if (cidr == NULL) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
364 return NGX_CONF_ERROR;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
365 }
1380
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
366
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
367 *cidr = c;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
368
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
369 return NGX_CONF_OK;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
370 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
371
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
372 ngx_memzero(&u, sizeof(ngx_url_t));
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
373 u.host = value[1];
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
374
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
375 if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
376 if (u.err) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
377 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
378 "%s in set_real_ip_from \"%V\"",
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
379 u.err, &u.host);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
380 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
381
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
382 return NGX_CONF_ERROR;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
383 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
384
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
385 cidr = ngx_array_push_n(rlcf->from, u.naddrs);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
386 if (cidr == NULL) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
387 return NGX_CONF_ERROR;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
388 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
389
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
390 ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t));
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
391
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
392 for (i = 0; i < u.naddrs; i++) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
393 cidr[i].family = u.addrs[i].sockaddr->sa_family;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
394
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
395 switch (cidr[i].family) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
396
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
397 #if (NGX_HAVE_INET6)
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
398 case AF_INET6:
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
399 sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
400 cidr[i].u.in6.addr = sin6->sin6_addr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
401 ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
402 break;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
403 #endif
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
404
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
405 default: /* AF_INET */
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
406 sin = (struct sockaddr_in *) u.addrs[i].sockaddr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
407 cidr[i].u.in.addr = sin->sin_addr.s_addr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
408 cidr[i].u.in.mask = 0xffffffff;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
409 break;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6729
diff changeset
410 }
1380
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
411 }
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
412
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
413 return NGX_CONF_OK;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
414 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
415
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
416
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
417 static char *
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
418 ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
419 {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
420 ngx_http_realip_loc_conf_t *rlcf = conf;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
421
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
422 ngx_str_t *value;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
423
6565
3af0e65a461a Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents: 6563
diff changeset
424 if (rlcf->type != NGX_CONF_UNSET_UINT) {
3af0e65a461a Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents: 6563
diff changeset
425 return "is duplicate";
3af0e65a461a Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents: 6563
diff changeset
426 }
3af0e65a461a Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents: 6563
diff changeset
427
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
428 value = cf->args->elts;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
429
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
430 if (ngx_strcmp(value[1].data, "X-Real-IP") == 0) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
431 rlcf->type = NGX_HTTP_REALIP_XREALIP;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
432 return NGX_CONF_OK;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
433 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
434
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
435 if (ngx_strcmp(value[1].data, "X-Forwarded-For") == 0) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
436 rlcf->type = NGX_HTTP_REALIP_XFWD;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
437 return NGX_CONF_OK;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
438 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
439
5605
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
440 if (ngx_strcmp(value[1].data, "proxy_protocol") == 0) {
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
441 rlcf->type = NGX_HTTP_REALIP_PROXY;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
442 return NGX_CONF_OK;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
443 }
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
444
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
445 rlcf->type = NGX_HTTP_REALIP_HEADER;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
446 rlcf->hash = ngx_hash_strlow(value[1].data, value[1].data, value[1].len);
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
447 rlcf->header = value[1];
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
448
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
449 return NGX_CONF_OK;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
450 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
451
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
452
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
453 static void *
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
454 ngx_http_realip_create_loc_conf(ngx_conf_t *cf)
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
455 {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
456 ngx_http_realip_loc_conf_t *conf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
457
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
458 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_realip_loc_conf_t));
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
459 if (conf == NULL) {
2912
c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents: 2537
diff changeset
460 return NULL;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
461 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
462
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
463 /*
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
464 * set by ngx_pcalloc():
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
465 *
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
466 * conf->from = NULL;
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
467 * conf->hash = 0;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
468 * conf->header = { 0, NULL };
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
469 */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
470
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
471 conf->type = NGX_CONF_UNSET_UINT;
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
472 conf->recursive = NGX_CONF_UNSET;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
473
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
474 return conf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
475 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
476
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
477
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
478 static char *
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
479 ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
480 {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
481 ngx_http_realip_loc_conf_t *prev = parent;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
482 ngx_http_realip_loc_conf_t *conf = child;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
483
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
484 if (conf->from == NULL) {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
485 conf->from = prev->from;
3305
8017f9bda3f6 fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents: 3291
diff changeset
486 }
8017f9bda3f6 fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents: 3291
diff changeset
487
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
488 ngx_conf_merge_uint_value(conf->type, prev->type, NGX_HTTP_REALIP_XREALIP);
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
489 ngx_conf_merge_value(conf->recursive, prev->recursive, 0);
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
490
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
491 if (conf->header.len == 0) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
492 conf->hash = prev->hash;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
493 conf->header = prev->header;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
494 }
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
495
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
496 return NGX_CONF_OK;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
497 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
498
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
499
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
500 static ngx_int_t
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
501 ngx_http_realip_add_variables(ngx_conf_t *cf)
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
502 {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
503 ngx_http_variable_t *var, *v;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
504
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
505 for (v = ngx_http_realip_vars; v->name.len; v++) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
506 var = ngx_http_add_variable(cf, &v->name, v->flags);
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
507 if (var == NULL) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
508 return NGX_ERROR;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
509 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
510
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
511 var->get_handler = v->get_handler;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
512 var->data = v->data;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
513 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
514
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
515 return NGX_OK;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
516 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
517
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
518
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
519 static ngx_int_t
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
520 ngx_http_realip_init(ngx_conf_t *cf)
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
521 {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
522 ngx_http_handler_pt *h;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
523 ngx_http_core_main_conf_t *cmcf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
524
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
525 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
526
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
527 h = ngx_array_push(&cmcf->phases[NGX_HTTP_POST_READ_PHASE].handlers);
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
528 if (h == NULL) {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
529 return NGX_ERROR;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
530 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
531
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
532 *h = ngx_http_realip_handler;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
533
581
326634fb9d47 nginx-0.3.12-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
534 h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
535 if (h == NULL) {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
536 return NGX_ERROR;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
537 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
538
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
539 *h = ngx_http_realip_handler;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
540
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
541 return NGX_OK;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
542 }
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
543
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
544
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
545 static ngx_http_realip_ctx_t *
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
546 ngx_http_realip_get_module_ctx(ngx_http_request_t *r)
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
547 {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
548 ngx_pool_cleanup_t *cln;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
549 ngx_http_realip_ctx_t *ctx;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
550
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
551 ctx = ngx_http_get_module_ctx(r, ngx_http_realip_module);
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
552
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
553 if (ctx == NULL && (r->internal || r->filter_finalize)) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
554
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
555 /*
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
556 * if module context was reset, the original address
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
557 * can still be found in the cleanup handler
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
558 */
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
559
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
560 for (cln = r->pool->cleanup; cln; cln = cln->next) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
561 if (cln->handler == ngx_http_realip_cleanup) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
562 ctx = cln->data;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
563 break;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
564 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
565 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
566 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
567
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
568 return ctx;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
569 }
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
570
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
571
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
572 static ngx_int_t
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
573 ngx_http_realip_remote_addr_variable(ngx_http_request_t *r,
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
574 ngx_http_variable_value_t *v, uintptr_t data)
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
575 {
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
576 ngx_str_t *addr_text;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
577 ngx_http_realip_ctx_t *ctx;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
578
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
579 ctx = ngx_http_realip_get_module_ctx(r);
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
580
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
581 addr_text = ctx ? &ctx->addr_text : &r->connection->addr_text;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
582
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
583 v->len = addr_text->len;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
584 v->valid = 1;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
585 v->no_cacheable = 0;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
586 v->not_found = 0;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
587 v->data = addr_text->data;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
588
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
589 return NGX_OK;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
590 }
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
591
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
592
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
593 static ngx_int_t
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
594 ngx_http_realip_remote_port_variable(ngx_http_request_t *r,
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
595 ngx_http_variable_value_t *v, uintptr_t data)
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
596 {
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
597 ngx_uint_t port;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
598 struct sockaddr *sa;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
599 ngx_http_realip_ctx_t *ctx;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
600
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
601 ctx = ngx_http_realip_get_module_ctx(r);
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
602
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
603 sa = ctx ? ctx->sockaddr : r->connection->sockaddr;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
604
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
605 v->len = 0;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
606 v->valid = 1;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
607 v->no_cacheable = 0;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
608 v->not_found = 0;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
609
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
610 v->data = ngx_pnalloc(r->pool, sizeof("65535") - 1);
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
611 if (v->data == NULL) {
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
612 return NGX_ERROR;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
613 }
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
614
6593
b3b7e33083ac Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents: 6565
diff changeset
615 port = ngx_inet_get_port(sa);
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
616
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
617 if (port > 0 && port < 65536) {
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
618 v->len = ngx_sprintf(v->data, "%ui", port) - v->data;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
619 }
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
620
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
621 return NGX_OK;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
622 }