Mercurial > hg > nginx

annotate src/http/modules/ngx_http_realip_module.c @ 6785:d1d0dd69a419

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Upstream: added the ngx_http_upstream_resolved_t.name field. This fixes inconsistency in what is stored in the "host" field. Normally it would contain the "host" part of the parsed URL (e.g., proxy_pass with variables), but for the case of an implicit upstream specified with literal address it contained the text representation of the socket address (that is, host including port for IP). Now the "host" field always contains the "host" part of the URL, while the text representation of the socket address is stored in the newly added "name" field. The ngx_http_upstream_create_round_robin_peer() function was modified accordingly in a way to be compatible with the code that does not know about the new "name" field. The "stream" code was similarly modified except for not adding compatibility in ngx_stream_upstream_create_round_robin_peer(). This change is also a prerequisite for the next change.
author Ruslan Ermilov <ru@nginx.com>
date Mon, 31 Oct 2016 18:33:33 +0300
parents cecf415643d7
children df1a62c83b1b
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
1
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
2 /*
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
3 * Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 3305
diff changeset
4 * Copyright (C) Nginx, Inc.
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
5 */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 #include <ngx_config.h>
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 #include <ngx_core.h>
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
10 #include <ngx_http.h>
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
11
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
12
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
13 #define NGX_HTTP_REALIP_XREALIP 0
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
14 #define NGX_HTTP_REALIP_XFWD 1
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
15 #define NGX_HTTP_REALIP_HEADER 2
5605
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
16 #define NGX_HTTP_REALIP_PROXY 3
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
17
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
18
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
19 typedef struct {
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
20 ngx_array_t *from; /* array of ngx_cidr_t */
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
21 ngx_uint_t type;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
22 ngx_uint_t hash;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
23 ngx_str_t header;
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
24 ngx_flag_t recursive;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
25 } ngx_http_realip_loc_conf_t;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
26
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
27
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
28 typedef struct {
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
29 ngx_connection_t *connection;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
30 struct sockaddr *sockaddr;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
31 socklen_t socklen;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
32 ngx_str_t addr_text;
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
33 } ngx_http_realip_ctx_t;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
34
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
35
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
36 static ngx_int_t ngx_http_realip_handler(ngx_http_request_t *r);
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
37 static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
38 ngx_addr_t *addr);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
39 static void ngx_http_realip_cleanup(void *data);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
40 static char *ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
41 void *conf);
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
42 static char *ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
43 static void *ngx_http_realip_create_loc_conf(ngx_conf_t *cf);
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
44 static char *ngx_http_realip_merge_loc_conf(ngx_conf_t *cf,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
45 void *parent, void *child);
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
46 static ngx_int_t ngx_http_realip_add_variables(ngx_conf_t *cf);
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
47 static ngx_int_t ngx_http_realip_init(ngx_conf_t *cf);
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
48 static ngx_http_realip_ctx_t *ngx_http_realip_get_module_ctx(
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
49 ngx_http_request_t *r);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
50
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
51
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
52 static ngx_int_t ngx_http_realip_remote_addr_variable(ngx_http_request_t *r,
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
53 ngx_http_variable_value_t *v, uintptr_t data);
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
54 static ngx_int_t ngx_http_realip_remote_port_variable(ngx_http_request_t *r,
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
55 ngx_http_variable_value_t *v, uintptr_t data);
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
56
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
57
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
58 static ngx_command_t ngx_http_realip_commands[] = {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
59
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
60 { ngx_string("set_real_ip_from"),
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
61 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
62 ngx_http_realip_from,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
63 NGX_HTTP_LOC_CONF_OFFSET,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
64 0,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
65 NULL },
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
66
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
67 { ngx_string("real_ip_header"),
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
68 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
69 ngx_http_realip,
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
70 NGX_HTTP_LOC_CONF_OFFSET,
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
71 0,
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
72 NULL },
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
73
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
74 { ngx_string("real_ip_recursive"),
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
75 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
76 ngx_conf_set_flag_slot,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
77 NGX_HTTP_LOC_CONF_OFFSET,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
78 offsetof(ngx_http_realip_loc_conf_t, recursive),
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
79 NULL },
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
80
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
81 ngx_null_command
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
82 };
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
83
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
84
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
85
667
63a820b0bc6c nginx-0.3.55-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 663
diff changeset
86 static ngx_http_module_t ngx_http_realip_module_ctx = {
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
87 ngx_http_realip_add_variables, /* preconfiguration */
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
88 ngx_http_realip_init, /* postconfiguration */
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
89
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
90 NULL, /* create main configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
91 NULL, /* init main configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
92
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
93 NULL, /* create server configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
94 NULL, /* merge server configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
95
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
96 ngx_http_realip_create_loc_conf, /* create location configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
97 ngx_http_realip_merge_loc_conf /* merge location configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
98 };
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
99
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
100
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
101 ngx_module_t ngx_http_realip_module = {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
102 NGX_MODULE_V1,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
103 &ngx_http_realip_module_ctx, /* module context */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
104 ngx_http_realip_commands, /* module directives */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
105 NGX_HTTP_MODULE, /* module type */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
106 NULL, /* init master */
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
107 NULL, /* init module */
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
108 NULL, /* init process */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
109 NULL, /* init thread */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
110 NULL, /* exit thread */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
111 NULL, /* exit process */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
112 NULL, /* exit master */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
113 NGX_MODULE_V1_PADDING
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
114 };
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
115
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
116
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
117 static ngx_http_variable_t ngx_http_realip_vars[] = {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
118
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
119 { ngx_string("realip_remote_addr"), NULL,
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
120 ngx_http_realip_remote_addr_variable, 0, 0, 0 },
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
121
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
122 { ngx_string("realip_remote_port"), NULL,
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
123 ngx_http_realip_remote_port_variable, 0, 0, 0 },
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
124
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
125 { ngx_null_string, NULL, NULL, 0, 0, 0 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
126 };
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
127
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
128
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
129 static ngx_int_t
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
130 ngx_http_realip_handler(ngx_http_request_t *r)
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
131 {
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
132 u_char *p;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
133 size_t len;
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
134 ngx_str_t *value;
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
135 ngx_uint_t i, hash;
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
136 ngx_addr_t addr;
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
137 ngx_array_t *xfwd;
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
138 ngx_list_part_t *part;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
139 ngx_table_elt_t *header;
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
140 ngx_connection_t *c;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
141 ngx_http_realip_ctx_t *ctx;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
142 ngx_http_realip_loc_conf_t *rlcf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
143
6729
cecf415643d7 Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6671
diff changeset
144 rlcf = ngx_http_get_module_loc_conf(r, ngx_http_realip_module);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
145
6729
cecf415643d7 Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6671
diff changeset
146 if (rlcf->from == NULL) {
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
147 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
148 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
149
6729
cecf415643d7 Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6671
diff changeset
150 ctx = ngx_http_realip_get_module_ctx(r);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
151
6729
cecf415643d7 Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6671
diff changeset
152 if (ctx) {
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
153 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
154 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
155
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
156 switch (rlcf->type) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
157
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
158 case NGX_HTTP_REALIP_XREALIP:
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
159
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
160 if (r->headers_in.x_real_ip == NULL) {
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
161 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
162 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
163
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
164 value = &r->headers_in.x_real_ip->value;
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
165 xfwd = NULL;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
166
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
167 break;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
168
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
169 case NGX_HTTP_REALIP_XFWD:
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
170
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
171 xfwd = &r->headers_in.x_forwarded_for;
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
172
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
173 if (xfwd->elts == NULL) {
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
174 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
175 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
176
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
177 value = NULL;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
178
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
179 break;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
180
5605
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
181 case NGX_HTTP_REALIP_PROXY:
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
182
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
183 value = &r->connection->proxy_protocol_addr;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
184
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
185 if (value->len == 0) {
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
186 return NGX_DECLINED;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
187 }
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
188
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
189 xfwd = NULL;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
190
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
191 break;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
192
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
193 default: /* NGX_HTTP_REALIP_HEADER */
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
194
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
195 part = &r->headers_in.headers.part;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
196 header = part->elts;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
197
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
198 hash = rlcf->hash;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
199 len = rlcf->header.len;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
200 p = rlcf->header.data;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
201
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
202 for (i = 0; /* void */ ; i++) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
203
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
204 if (i >= part->nelts) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
205 if (part->next == NULL) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
206 break;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
207 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
208
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
209 part = part->next;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
210 header = part->elts;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
211 i = 0;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
212 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
213
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
214 if (hash == header[i].hash
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
215 && len == header[i].key.len
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
216 && ngx_strncmp(p, header[i].lowcase_key, len) == 0)
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
217 {
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
218 value = &header[i].value;
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
219 xfwd = NULL;
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
220
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
221 goto found;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
222 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
223 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
224
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
225 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
226 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
227
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
228 found:
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
229
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
230 c = r->connection;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
231
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
232 addr.sockaddr = c->sockaddr;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
233 addr.socklen = c->socklen;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
234 /* addr.name = c->addr_text; */
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
235
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
236 if (ngx_http_get_forwarded_addr(r, &addr, xfwd, value, rlcf->from,
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
237 rlcf->recursive)
5084
f7fe817c92a2 Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents: 4624
diff changeset
238 != NGX_DECLINED)
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
239 {
6563
26feae43987f Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6562
diff changeset
240 if (rlcf->type == NGX_HTTP_REALIP_PROXY) {
6593
b3b7e33083ac Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents: 6565
diff changeset
241 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port);
6563
26feae43987f Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6562
diff changeset
242 }
26feae43987f Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6562
diff changeset
243
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
244 return ngx_http_realip_set_addr(r, &addr);
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
245 }
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
246
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
247 return NGX_DECLINED;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
248 }
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
249
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
250
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
251 static ngx_int_t
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
252 ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr)
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
253 {
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
254 size_t len;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
255 u_char *p;
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
256 u_char text[NGX_SOCKADDR_STRLEN];
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
257 ngx_connection_t *c;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
258 ngx_pool_cleanup_t *cln;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
259 ngx_http_realip_ctx_t *ctx;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
260
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
261 cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_realip_ctx_t));
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
262 if (cln == NULL) {
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
263 return NGX_HTTP_INTERNAL_SERVER_ERROR;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
264 }
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
265
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
266 ctx = cln->data;
1114
3f354952e91d fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents: 986
diff changeset
267
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
268 c = r->connection;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
269
5263
05ba5bce31e0 Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents: 5084
diff changeset
270 len = ngx_sock_ntop(addr->sockaddr, addr->socklen, text,
05ba5bce31e0 Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents: 5084
diff changeset
271 NGX_SOCKADDR_STRLEN, 0);
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
272 if (len == 0) {
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
273 return NGX_HTTP_INTERNAL_SERVER_ERROR;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
274 }
1114
3f354952e91d fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents: 986
diff changeset
275
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
276 p = ngx_pnalloc(c->pool, len);
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
277 if (p == NULL) {
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
278 return NGX_HTTP_INTERNAL_SERVER_ERROR;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
279 }
1118
cec2866f29bd a client address must be allocated from a connection pool
Igor Sysoev <igor@sysoev.ru>
parents: 1114
diff changeset
280
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
281 ngx_memcpy(p, text, len);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
282
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
283 cln->handler = ngx_http_realip_cleanup;
6671
6b1b8c4b7a95 Realip: fixed uninitialized memory access.
Roman Arutyunyan <arut@nginx.com>
parents: 6593
diff changeset
284 ngx_http_set_ctx(r, ctx, ngx_http_realip_module);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
285
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
286 ctx->connection = c;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
287 ctx->sockaddr = c->sockaddr;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
288 ctx->socklen = c->socklen;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
289 ctx->addr_text = c->addr_text;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
290
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
291 c->sockaddr = addr->sockaddr;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
292 c->socklen = addr->socklen;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
293 c->addr_text.len = len;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
294 c->addr_text.data = p;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
295
986
68c85f283043 ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
296 return NGX_DECLINED;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
297 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
298
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
299
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
300 static void
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
301 ngx_http_realip_cleanup(void *data)
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
302 {
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
303 ngx_http_realip_ctx_t *ctx = data;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
304
3273
fe71be4a02f1 support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents: 3267
diff changeset
305 ngx_connection_t *c;
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
306
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
307 c = ctx->connection;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
308
3273
fe71be4a02f1 support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents: 3267
diff changeset
309 c->sockaddr = ctx->sockaddr;
fe71be4a02f1 support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents: 3267
diff changeset
310 c->socklen = ctx->socklen;
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
311 c->addr_text = ctx->addr_text;
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
312 }
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
313
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
314
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
315 static char *
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
316 ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
317 {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
318 ngx_http_realip_loc_conf_t *rlcf = conf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
319
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
320 ngx_int_t rc;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
321 ngx_str_t *value;
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
322 ngx_cidr_t *cidr;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
323
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
324 value = cf->args->elts;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
325
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
326 if (rlcf->from == NULL) {
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
327 rlcf->from = ngx_array_create(cf->pool, 2,
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
328 sizeof(ngx_cidr_t));
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
329 if (rlcf->from == NULL) {
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
330 return NGX_CONF_ERROR;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
331 }
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
332 }
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
333
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
334 cidr = ngx_array_push(rlcf->from);
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
335 if (cidr == NULL) {
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
336 return NGX_CONF_ERROR;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
337 }
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
338
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
339 #if (NGX_HAVE_UNIX_DOMAIN)
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
340
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
341 if (ngx_strcmp(value[1].data, "unix:") == 0) {
6474
Ruslan Ermilov <ru@nginx.com>
parents: 6294
diff changeset
342 cidr->family = AF_UNIX;
Ruslan Ermilov <ru@nginx.com>
parents: 6294
diff changeset
343 return NGX_CONF_OK;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
344 }
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
345
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
346 #endif
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
347
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
348 rc = ngx_ptocidr(&value[1], cidr);
1380
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
349
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
350 if (rc == NGX_ERROR) {
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
351 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
352 &value[1]);
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
353 return NGX_CONF_ERROR;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
354 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
355
1380
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
356 if (rc == NGX_DONE) {
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
357 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
358 "low address bits of %V are meaningless", &value[1]);
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
359 }
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
360
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
361 return NGX_CONF_OK;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
362 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
363
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
364
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
365 static char *
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
366 ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
367 {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
368 ngx_http_realip_loc_conf_t *rlcf = conf;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
369
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
370 ngx_str_t *value;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
371
6565
3af0e65a461a Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents: 6563
diff changeset
372 if (rlcf->type != NGX_CONF_UNSET_UINT) {
3af0e65a461a Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents: 6563
diff changeset
373 return "is duplicate";
3af0e65a461a Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents: 6563
diff changeset
374 }
3af0e65a461a Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents: 6563
diff changeset
375
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
376 value = cf->args->elts;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
377
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
378 if (ngx_strcmp(value[1].data, "X-Real-IP") == 0) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
379 rlcf->type = NGX_HTTP_REALIP_XREALIP;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
380 return NGX_CONF_OK;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
381 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
382
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
383 if (ngx_strcmp(value[1].data, "X-Forwarded-For") == 0) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
384 rlcf->type = NGX_HTTP_REALIP_XFWD;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
385 return NGX_CONF_OK;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
386 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
387
5605
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
388 if (ngx_strcmp(value[1].data, "proxy_protocol") == 0) {
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
389 rlcf->type = NGX_HTTP_REALIP_PROXY;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
390 return NGX_CONF_OK;
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
391 }
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
392
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
393 rlcf->type = NGX_HTTP_REALIP_HEADER;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
394 rlcf->hash = ngx_hash_strlow(value[1].data, value[1].data, value[1].len);
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
395 rlcf->header = value[1];
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
396
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
397 return NGX_CONF_OK;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
398 }
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
399
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
400
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
401 static void *
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
402 ngx_http_realip_create_loc_conf(ngx_conf_t *cf)
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
403 {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
404 ngx_http_realip_loc_conf_t *conf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
405
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
406 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_realip_loc_conf_t));
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
407 if (conf == NULL) {
2912
c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents: 2537
diff changeset
408 return NULL;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
409 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
410
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
411 /*
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
412 * set by ngx_pcalloc():
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
413 *
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
414 * conf->from = NULL;
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
415 * conf->hash = 0;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
416 * conf->header = { 0, NULL };
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
417 */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
418
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
419 conf->type = NGX_CONF_UNSET_UINT;
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
420 conf->recursive = NGX_CONF_UNSET;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
421
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
422 return conf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
423 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
424
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
425
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
426 static char *
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
427 ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
428 {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
429 ngx_http_realip_loc_conf_t *prev = parent;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
430 ngx_http_realip_loc_conf_t *conf = child;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
431
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
432 if (conf->from == NULL) {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
433 conf->from = prev->from;
3305
8017f9bda3f6 fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents: 3291
diff changeset
434 }
8017f9bda3f6 fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents: 3291
diff changeset
435
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
436 ngx_conf_merge_uint_value(conf->type, prev->type, NGX_HTTP_REALIP_XREALIP);
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
437 ngx_conf_merge_value(conf->recursive, prev->recursive, 0);
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
438
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
439 if (conf->header.len == 0) {
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
440 conf->hash = prev->hash;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
441 conf->header = prev->header;
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
442 }
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
443
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
444 return NGX_CONF_OK;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
445 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
446
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
447
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
448 static ngx_int_t
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
449 ngx_http_realip_add_variables(ngx_conf_t *cf)
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
450 {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
451 ngx_http_variable_t *var, *v;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
452
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
453 for (v = ngx_http_realip_vars; v->name.len; v++) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
454 var = ngx_http_add_variable(cf, &v->name, v->flags);
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
455 if (var == NULL) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
456 return NGX_ERROR;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
457 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
458
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
459 var->get_handler = v->get_handler;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
460 var->data = v->data;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
461 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
462
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
463 return NGX_OK;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
464 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
465
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
466
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
467 static ngx_int_t
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
468 ngx_http_realip_init(ngx_conf_t *cf)
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
469 {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
470 ngx_http_handler_pt *h;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
471 ngx_http_core_main_conf_t *cmcf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
472
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
473 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
474
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
475 h = ngx_array_push(&cmcf->phases[NGX_HTTP_POST_READ_PHASE].handlers);
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
476 if (h == NULL) {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
477 return NGX_ERROR;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
478 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
479
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
480 *h = ngx_http_realip_handler;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
481
581
326634fb9d47 nginx-0.3.12-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
482 h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
483 if (h == NULL) {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
484 return NGX_ERROR;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
485 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
486
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
487 *h = ngx_http_realip_handler;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
488
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
489 return NGX_OK;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
490 }
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
491
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
492
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
493 static ngx_http_realip_ctx_t *
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
494 ngx_http_realip_get_module_ctx(ngx_http_request_t *r)
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
495 {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
496 ngx_pool_cleanup_t *cln;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
497 ngx_http_realip_ctx_t *ctx;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
498
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
499 ctx = ngx_http_get_module_ctx(r, ngx_http_realip_module);
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
500
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
501 if (ctx == NULL && (r->internal || r->filter_finalize)) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
502
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
503 /*
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
504 * if module context was reset, the original address
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
505 * can still be found in the cleanup handler
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
506 */
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
507
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
508 for (cln = r->pool->cleanup; cln; cln = cln->next) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
509 if (cln->handler == ngx_http_realip_cleanup) {
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
510 ctx = cln->data;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
511 break;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
512 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
513 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
514 }
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
515
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
516 return ctx;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
517 }
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
518
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
519
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
520 static ngx_int_t
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
521 ngx_http_realip_remote_addr_variable(ngx_http_request_t *r,
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
522 ngx_http_variable_value_t *v, uintptr_t data)
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
523 {
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
524 ngx_str_t *addr_text;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
525 ngx_http_realip_ctx_t *ctx;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
526
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
527 ctx = ngx_http_realip_get_module_ctx(r);
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
528
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
529 addr_text = ctx ? &ctx->addr_text : &r->connection->addr_text;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
530
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
531 v->len = addr_text->len;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
532 v->valid = 1;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
533 v->no_cacheable = 0;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
534 v->not_found = 0;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
535 v->data = addr_text->data;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
536
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
537 return NGX_OK;
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
538 }
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
539
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
540
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
541 static ngx_int_t
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
542 ngx_http_realip_remote_port_variable(ngx_http_request_t *r,
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
543 ngx_http_variable_value_t *v, uintptr_t data)
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
544 {
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
545 ngx_uint_t port;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
546 struct sockaddr *sa;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
547 ngx_http_realip_ctx_t *ctx;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
548
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
549 ctx = ngx_http_realip_get_module_ctx(r);
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
550
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
551 sa = ctx ? ctx->sockaddr : r->connection->sockaddr;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
552
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
553 v->len = 0;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
554 v->valid = 1;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
555 v->no_cacheable = 0;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
556 v->not_found = 0;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
557
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
558 v->data = ngx_pnalloc(r->pool, sizeof("65535") - 1);
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
559 if (v->data == NULL) {
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
560 return NGX_ERROR;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
561 }
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
562
6593
b3b7e33083ac Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents: 6565
diff changeset
563 port = ngx_inet_get_port(sa);
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
564
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
565 if (port > 0 && port < 65536) {
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
566 v->len = ngx_sprintf(v->data, "%ui", port) - v->data;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
567 }
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
568
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
569 return NGX_OK;
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
570 }