Mercurial > hg > nginx
annotate src/http/modules/ngx_http_realip_module.c @ 7791:d84f13618277
Mail: postponed session initialization under accept mutex.
Similarly to 40e8ce405859 in the stream module, this reduces the time
accept mutex is held. This also simplifies following changes to
introduce PROXY protocol support.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 05 Mar 2021 17:16:19 +0300 |
parents | 06b01840bd42 |
children | ef6a3a99a81a |
rev | line source |
---|---|
573 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
573 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_http.h> | |
11 | |
12 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
13 #define NGX_HTTP_REALIP_XREALIP 0 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
14 #define NGX_HTTP_REALIP_XFWD 1 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
15 #define NGX_HTTP_REALIP_HEADER 2 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
16 #define NGX_HTTP_REALIP_PROXY 3 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
17 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
18 |
573 | 19 typedef struct { |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
20 ngx_array_t *from; /* array of ngx_cidr_t */ |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
21 ngx_uint_t type; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
22 ngx_uint_t hash; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
23 ngx_str_t header; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
24 ngx_flag_t recursive; |
573 | 25 } ngx_http_realip_loc_conf_t; |
26 | |
27 | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
28 typedef struct { |
3274 | 29 ngx_connection_t *connection; |
30 struct sockaddr *sockaddr; | |
31 socklen_t socklen; | |
32 ngx_str_t addr_text; | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
33 } ngx_http_realip_ctx_t; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
34 |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
35 |
573 | 36 static ngx_int_t ngx_http_realip_handler(ngx_http_request_t *r); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
37 static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
38 ngx_addr_t *addr); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
39 static void ngx_http_realip_cleanup(void *data); |
573 | 40 static char *ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, |
41 void *conf); | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
42 static char *ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
573 | 43 static void *ngx_http_realip_create_loc_conf(ngx_conf_t *cf); |
44 static char *ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, | |
45 void *parent, void *child); | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
46 static ngx_int_t ngx_http_realip_add_variables(ngx_conf_t *cf); |
681 | 47 static ngx_int_t ngx_http_realip_init(ngx_conf_t *cf); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
48 static ngx_http_realip_ctx_t *ngx_http_realip_get_module_ctx( |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
49 ngx_http_request_t *r); |
573 | 50 |
51 | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
52 static ngx_int_t ngx_http_realip_remote_addr_variable(ngx_http_request_t *r, |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
53 ngx_http_variable_value_t *v, uintptr_t data); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
54 static ngx_int_t ngx_http_realip_remote_port_variable(ngx_http_request_t *r, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
55 ngx_http_variable_value_t *v, uintptr_t data); |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
56 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
57 |
573 | 58 static ngx_command_t ngx_http_realip_commands[] = { |
59 | |
60 { ngx_string("set_real_ip_from"), | |
61 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
62 ngx_http_realip_from, | |
63 NGX_HTTP_LOC_CONF_OFFSET, | |
64 0, | |
65 NULL }, | |
66 | |
67 { ngx_string("real_ip_header"), | |
68 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
69 ngx_http_realip, |
573 | 70 NGX_HTTP_LOC_CONF_OFFSET, |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
71 0, |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
72 NULL }, |
573 | 73 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
74 { ngx_string("real_ip_recursive"), |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
75 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
76 ngx_conf_set_flag_slot, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
77 NGX_HTTP_LOC_CONF_OFFSET, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
78 offsetof(ngx_http_realip_loc_conf_t, recursive), |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
79 NULL }, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
80 |
573 | 81 ngx_null_command |
82 }; | |
83 | |
84 | |
85 | |
667 | 86 static ngx_http_module_t ngx_http_realip_module_ctx = { |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
87 ngx_http_realip_add_variables, /* preconfiguration */ |
681 | 88 ngx_http_realip_init, /* postconfiguration */ |
573 | 89 |
90 NULL, /* create main configuration */ | |
91 NULL, /* init main configuration */ | |
92 | |
93 NULL, /* create server configuration */ | |
94 NULL, /* merge server configuration */ | |
95 | |
96 ngx_http_realip_create_loc_conf, /* create location configuration */ | |
97 ngx_http_realip_merge_loc_conf /* merge location configuration */ | |
98 }; | |
99 | |
100 | |
101 ngx_module_t ngx_http_realip_module = { | |
102 NGX_MODULE_V1, | |
103 &ngx_http_realip_module_ctx, /* module context */ | |
104 ngx_http_realip_commands, /* module directives */ | |
105 NGX_HTTP_MODULE, /* module type */ | |
106 NULL, /* init master */ | |
681 | 107 NULL, /* init module */ |
573 | 108 NULL, /* init process */ |
109 NULL, /* init thread */ | |
110 NULL, /* exit thread */ | |
111 NULL, /* exit process */ | |
112 NULL, /* exit master */ | |
113 NGX_MODULE_V1_PADDING | |
114 }; | |
115 | |
116 | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
117 static ngx_http_variable_t ngx_http_realip_vars[] = { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
118 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
119 { ngx_string("realip_remote_addr"), NULL, |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
120 ngx_http_realip_remote_addr_variable, 0, 0, 0 }, |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
121 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
122 { ngx_string("realip_remote_port"), NULL, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
123 ngx_http_realip_remote_port_variable, 0, 0, 0 }, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
124 |
7077
2a288909abc6
Variables: macros for null variables.
Ruslan Ermilov <ru@nginx.com>
parents:
6997
diff
changeset
|
125 ngx_http_null_variable |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
126 }; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
127 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
128 |
573 | 129 static ngx_int_t |
130 ngx_http_realip_handler(ngx_http_request_t *r) | |
131 { | |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
132 u_char *p; |
573 | 133 size_t len; |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
134 ngx_str_t *value; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
135 ngx_uint_t i, hash; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
136 ngx_addr_t addr; |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
137 ngx_array_t *xfwd; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
138 ngx_list_part_t *part; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
139 ngx_table_elt_t *header; |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
140 ngx_connection_t *c; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
141 ngx_http_realip_ctx_t *ctx; |
573 | 142 ngx_http_realip_loc_conf_t *rlcf; |
143 | |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
144 rlcf = ngx_http_get_module_loc_conf(r, ngx_http_realip_module); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
145 |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
146 if (rlcf->from == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
147 return NGX_DECLINED; |
573 | 148 } |
149 | |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
150 ctx = ngx_http_realip_get_module_ctx(r); |
573 | 151 |
6729
cecf415643d7
Realip: fixed duplicate processing on redirects (ticket #1098).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6671
diff
changeset
|
152 if (ctx) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
153 return NGX_DECLINED; |
573 | 154 } |
155 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
156 switch (rlcf->type) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
157 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
158 case NGX_HTTP_REALIP_XREALIP: |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
159 |
573 | 160 if (r->headers_in.x_real_ip == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
161 return NGX_DECLINED; |
573 | 162 } |
163 | |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
164 value = &r->headers_in.x_real_ip->value; |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
165 xfwd = NULL; |
573 | 166 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
167 break; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
168 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
169 case NGX_HTTP_REALIP_XFWD: |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
170 |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
171 xfwd = &r->headers_in.x_forwarded_for; |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
172 |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
173 if (xfwd->elts == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
174 return NGX_DECLINED; |
573 | 175 } |
176 | |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
177 value = NULL; |
573 | 178 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
179 break; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
180 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
181 case NGX_HTTP_REALIP_PROXY: |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
182 |
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7077
diff
changeset
|
183 if (r->connection->proxy_protocol == NULL) { |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
184 return NGX_DECLINED; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
185 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
186 |
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7077
diff
changeset
|
187 value = &r->connection->proxy_protocol->src_addr; |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
188 xfwd = NULL; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
189 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
190 break; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
191 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
192 default: /* NGX_HTTP_REALIP_HEADER */ |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
193 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
194 part = &r->headers_in.headers.part; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
195 header = part->elts; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
196 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
197 hash = rlcf->hash; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
198 len = rlcf->header.len; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
199 p = rlcf->header.data; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
200 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
201 for (i = 0; /* void */ ; i++) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
202 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
203 if (i >= part->nelts) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
204 if (part->next == NULL) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
205 break; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
206 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
207 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
208 part = part->next; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
209 header = part->elts; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
210 i = 0; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
211 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
212 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
213 if (hash == header[i].hash |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
214 && len == header[i].key.len |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
215 && ngx_strncmp(p, header[i].lowcase_key, len) == 0) |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
216 { |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
217 value = &header[i].value; |
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
218 xfwd = NULL; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
219 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
220 goto found; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
221 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
222 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
223 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
224 return NGX_DECLINED; |
573 | 225 } |
226 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
227 found: |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
228 |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
229 c = r->connection; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
230 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
231 addr.sockaddr = c->sockaddr; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
232 addr.socklen = c->socklen; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
233 /* addr.name = c->addr_text; */ |
3274 | 234 |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
235 if (ngx_http_get_forwarded_addr(r, &addr, xfwd, value, rlcf->from, |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
236 rlcf->recursive) |
5084
f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
Ruslan Ermilov <ru@nginx.com>
parents:
4624
diff
changeset
|
237 != NGX_DECLINED) |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
238 { |
6563
26feae43987f
Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6562
diff
changeset
|
239 if (rlcf->type == NGX_HTTP_REALIP_PROXY) { |
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7077
diff
changeset
|
240 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port); |
6563
26feae43987f
Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6562
diff
changeset
|
241 } |
26feae43987f
Realip: take client port from PROXY protocol header.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6562
diff
changeset
|
242 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
243 return ngx_http_realip_set_addr(r, &addr); |
3274 | 244 } |
245 | |
246 return NGX_DECLINED; | |
247 } | |
248 | |
573 | 249 |
3274 | 250 static ngx_int_t |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
251 ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr) |
3274 | 252 { |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
253 size_t len; |
3274 | 254 u_char *p; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
255 u_char text[NGX_SOCKADDR_STRLEN]; |
3274 | 256 ngx_connection_t *c; |
257 ngx_pool_cleanup_t *cln; | |
258 ngx_http_realip_ctx_t *ctx; | |
573 | 259 |
3274 | 260 cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_realip_ctx_t)); |
261 if (cln == NULL) { | |
262 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
263 } | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
264 |
3274 | 265 ctx = cln->data; |
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
266 |
3274 | 267 c = r->connection; |
268 | |
5263
05ba5bce31e0
Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents:
5084
diff
changeset
|
269 len = ngx_sock_ntop(addr->sockaddr, addr->socklen, text, |
05ba5bce31e0
Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents:
5084
diff
changeset
|
270 NGX_SOCKADDR_STRLEN, 0); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
271 if (len == 0) { |
3274 | 272 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
273 } | |
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
274 |
3274 | 275 p = ngx_pnalloc(c->pool, len); |
276 if (p == NULL) { | |
277 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
278 } | |
1118
cec2866f29bd
a client address must be allocated from a connection pool
Igor Sysoev <igor@sysoev.ru>
parents:
1114
diff
changeset
|
279 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
280 ngx_memcpy(p, text, len); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
281 |
3274 | 282 cln->handler = ngx_http_realip_cleanup; |
6671
6b1b8c4b7a95
Realip: fixed uninitialized memory access.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
283 ngx_http_set_ctx(r, ctx, ngx_http_realip_module); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
284 |
3274 | 285 ctx->connection = c; |
286 ctx->sockaddr = c->sockaddr; | |
287 ctx->socklen = c->socklen; | |
288 ctx->addr_text = c->addr_text; | |
573 | 289 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
290 c->sockaddr = addr->sockaddr; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
291 c->socklen = addr->socklen; |
3274 | 292 c->addr_text.len = len; |
293 c->addr_text.data = p; | |
573 | 294 |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
295 return NGX_DECLINED; |
573 | 296 } |
297 | |
298 | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
299 static void |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
300 ngx_http_realip_cleanup(void *data) |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
301 { |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
302 ngx_http_realip_ctx_t *ctx = data; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
303 |
3273
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
304 ngx_connection_t *c; |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
305 |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
306 c = ctx->connection; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
307 |
3273
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
308 c->sockaddr = ctx->sockaddr; |
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
309 c->socklen = ctx->socklen; |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
310 c->addr_text = ctx->addr_text; |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
311 } |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
312 |
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
313 |
573 | 314 static char * |
315 ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
316 { | |
317 ngx_http_realip_loc_conf_t *rlcf = conf; | |
318 | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
319 ngx_int_t rc; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
320 ngx_str_t *value; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
321 ngx_url_t u; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
322 ngx_cidr_t c, *cidr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
323 ngx_uint_t i; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
324 struct sockaddr_in *sin; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
325 #if (NGX_HAVE_INET6) |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
326 struct sockaddr_in6 *sin6; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
327 #endif |
573 | 328 |
3274 | 329 value = cf->args->elts; |
330 | |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
331 if (rlcf->from == NULL) { |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
332 rlcf->from = ngx_array_create(cf->pool, 2, |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
333 sizeof(ngx_cidr_t)); |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
334 if (rlcf->from == NULL) { |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
335 return NGX_CONF_ERROR; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
336 } |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
337 } |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
338 |
3274 | 339 #if (NGX_HAVE_UNIX_DOMAIN) |
340 | |
341 if (ngx_strcmp(value[1].data, "unix:") == 0) { | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
342 cidr = ngx_array_push(rlcf->from); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
343 if (cidr == NULL) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
344 return NGX_CONF_ERROR; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
345 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
346 |
6474 | 347 cidr->family = AF_UNIX; |
348 return NGX_CONF_OK; | |
3274 | 349 } |
350 | |
351 #endif | |
352 | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
353 rc = ngx_ptocidr(&value[1], &c); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
354 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
355 if (rc != NGX_ERROR) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
356 if (rc == NGX_DONE) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
357 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
358 "low address bits of %V are meaningless", |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
359 &value[1]); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
360 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
361 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
362 cidr = ngx_array_push(rlcf->from); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
363 if (cidr == NULL) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
364 return NGX_CONF_ERROR; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
365 } |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
366 |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
367 *cidr = c; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
368 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
369 return NGX_CONF_OK; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
370 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
371 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
372 ngx_memzero(&u, sizeof(ngx_url_t)); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
373 u.host = value[1]; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
374 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
375 if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
376 if (u.err) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
377 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
378 "%s in set_real_ip_from \"%V\"", |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
379 u.err, &u.host); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
380 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
381 |
573 | 382 return NGX_CONF_ERROR; |
383 } | |
384 | |
6997
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
385 cidr = ngx_array_push_n(rlcf->from, u.naddrs); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
386 if (cidr == NULL) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
387 return NGX_CONF_ERROR; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
388 } |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
389 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
390 ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t)); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
391 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
392 for (i = 0; i < u.naddrs; i++) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
393 cidr[i].family = u.addrs[i].sockaddr->sa_family; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
394 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
395 switch (cidr[i].family) { |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
396 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
397 #if (NGX_HAVE_INET6) |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
398 case AF_INET6: |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
399 sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
400 cidr[i].u.in6.addr = sin6->sin6_addr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
401 ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16); |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
402 break; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
403 #endif |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
404 |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
405 default: /* AF_INET */ |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
406 sin = (struct sockaddr_in *) u.addrs[i].sockaddr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
407 cidr[i].u.in.addr = sin->sin_addr.s_addr; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
408 cidr[i].u.in.mask = 0xffffffff; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
409 break; |
df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents:
6729
diff
changeset
|
410 } |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
411 } |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
412 |
573 | 413 return NGX_CONF_OK; |
414 } | |
415 | |
416 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
417 static char * |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
418 ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
419 { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
420 ngx_http_realip_loc_conf_t *rlcf = conf; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
421 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
422 ngx_str_t *value; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
423 |
6565
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
424 if (rlcf->type != NGX_CONF_UNSET_UINT) { |
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
425 return "is duplicate"; |
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
426 } |
3af0e65a461a
Realip: detect duplicate real_ip_header directive.
Ruslan Ermilov <ru@nginx.com>
parents:
6563
diff
changeset
|
427 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
428 value = cf->args->elts; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
429 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
430 if (ngx_strcmp(value[1].data, "X-Real-IP") == 0) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
431 rlcf->type = NGX_HTTP_REALIP_XREALIP; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
432 return NGX_CONF_OK; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
433 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
434 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
435 if (ngx_strcmp(value[1].data, "X-Forwarded-For") == 0) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
436 rlcf->type = NGX_HTTP_REALIP_XFWD; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
437 return NGX_CONF_OK; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
438 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
439 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
440 if (ngx_strcmp(value[1].data, "proxy_protocol") == 0) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
441 rlcf->type = NGX_HTTP_REALIP_PROXY; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
442 return NGX_CONF_OK; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
443 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
444 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
445 rlcf->type = NGX_HTTP_REALIP_HEADER; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
446 rlcf->hash = ngx_hash_strlow(value[1].data, value[1].data, value[1].len); |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
447 rlcf->header = value[1]; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
448 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
449 return NGX_CONF_OK; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
450 } |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
451 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
452 |
573 | 453 static void * |
454 ngx_http_realip_create_loc_conf(ngx_conf_t *cf) | |
455 { | |
456 ngx_http_realip_loc_conf_t *conf; | |
457 | |
458 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_realip_loc_conf_t)); | |
459 if (conf == NULL) { | |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2537
diff
changeset
|
460 return NULL; |
573 | 461 } |
462 | |
463 /* | |
464 * set by ngx_pcalloc(): | |
465 * | |
466 * conf->from = NULL; | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
467 * conf->hash = 0; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
468 * conf->header = { 0, NULL }; |
573 | 469 */ |
470 | |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
471 conf->type = NGX_CONF_UNSET_UINT; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
472 conf->recursive = NGX_CONF_UNSET; |
573 | 473 |
474 return conf; | |
475 } | |
476 | |
477 | |
478 static char * | |
479 ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) | |
480 { | |
481 ngx_http_realip_loc_conf_t *prev = parent; | |
482 ngx_http_realip_loc_conf_t *conf = child; | |
483 | |
484 if (conf->from == NULL) { | |
485 conf->from = prev->from; | |
3305
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
486 } |
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
487 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
488 ngx_conf_merge_uint_value(conf->type, prev->type, NGX_HTTP_REALIP_XREALIP); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
489 ngx_conf_merge_value(conf->recursive, prev->recursive, 0); |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
490 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
491 if (conf->header.len == 0) { |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
492 conf->hash = prev->hash; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
493 conf->header = prev->header; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
494 } |
573 | 495 |
496 return NGX_CONF_OK; | |
497 } | |
498 | |
499 | |
500 static ngx_int_t | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
501 ngx_http_realip_add_variables(ngx_conf_t *cf) |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
502 { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
503 ngx_http_variable_t *var, *v; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
504 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
505 for (v = ngx_http_realip_vars; v->name.len; v++) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
506 var = ngx_http_add_variable(cf, &v->name, v->flags); |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
507 if (var == NULL) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
508 return NGX_ERROR; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
509 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
510 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
511 var->get_handler = v->get_handler; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
512 var->data = v->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
513 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
514 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
515 return NGX_OK; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
516 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
517 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
518 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
519 static ngx_int_t |
681 | 520 ngx_http_realip_init(ngx_conf_t *cf) |
573 | 521 { |
522 ngx_http_handler_pt *h; | |
523 ngx_http_core_main_conf_t *cmcf; | |
524 | |
681 | 525 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); |
573 | 526 |
527 h = ngx_array_push(&cmcf->phases[NGX_HTTP_POST_READ_PHASE].handlers); | |
528 if (h == NULL) { | |
529 return NGX_ERROR; | |
530 } | |
531 | |
532 *h = ngx_http_realip_handler; | |
533 | |
581 | 534 h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers); |
573 | 535 if (h == NULL) { |
536 return NGX_ERROR; | |
537 } | |
538 | |
539 *h = ngx_http_realip_handler; | |
540 | |
541 return NGX_OK; | |
542 } | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
543 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
544 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
545 static ngx_http_realip_ctx_t * |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
546 ngx_http_realip_get_module_ctx(ngx_http_request_t *r) |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
547 { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
548 ngx_pool_cleanup_t *cln; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
549 ngx_http_realip_ctx_t *ctx; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
550 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
551 ctx = ngx_http_get_module_ctx(r, ngx_http_realip_module); |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
552 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
553 if (ctx == NULL && (r->internal || r->filter_finalize)) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
554 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
555 /* |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
556 * if module context was reset, the original address |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
557 * can still be found in the cleanup handler |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
558 */ |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
559 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
560 for (cln = r->pool->cleanup; cln; cln = cln->next) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
561 if (cln->handler == ngx_http_realip_cleanup) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
562 ctx = cln->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
563 break; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
564 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
565 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
566 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
567 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
568 return ctx; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
569 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
570 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
571 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
572 static ngx_int_t |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
573 ngx_http_realip_remote_addr_variable(ngx_http_request_t *r, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
574 ngx_http_variable_value_t *v, uintptr_t data) |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
575 { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
576 ngx_str_t *addr_text; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
577 ngx_http_realip_ctx_t *ctx; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
578 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
579 ctx = ngx_http_realip_get_module_ctx(r); |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
580 |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
581 addr_text = ctx ? &ctx->addr_text : &r->connection->addr_text; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
582 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
583 v->len = addr_text->len; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
584 v->valid = 1; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
585 v->no_cacheable = 0; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
586 v->not_found = 0; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
587 v->data = addr_text->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
588 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
589 return NGX_OK; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
590 } |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
591 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
592 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
593 static ngx_int_t |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
594 ngx_http_realip_remote_port_variable(ngx_http_request_t *r, |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
595 ngx_http_variable_value_t *v, uintptr_t data) |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
596 { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
597 ngx_uint_t port; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
598 struct sockaddr *sa; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
599 ngx_http_realip_ctx_t *ctx; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
600 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
601 ctx = ngx_http_realip_get_module_ctx(r); |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
602 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
603 sa = ctx ? ctx->sockaddr : r->connection->sockaddr; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
604 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
605 v->len = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
606 v->valid = 1; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
607 v->no_cacheable = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
608 v->not_found = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
609 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
610 v->data = ngx_pnalloc(r->pool, sizeof("65535") - 1); |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
611 if (v->data == NULL) { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
612 return NGX_ERROR; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
613 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
614 |
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6565
diff
changeset
|
615 port = ngx_inet_get_port(sa); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
616 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
617 if (port > 0 && port < 65536) { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
618 v->len = ngx_sprintf(v->data, "%ui", port) - v->data; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
619 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
620 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
621 return NGX_OK; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
622 } |