Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 5084:f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Wed, 27 Feb 2013 13:29:50 +0000 |
parents | 44fcb9677c3f |
children | 1b204b8ea9a3 |
comparison
equal
deleted
inserted
replaced
5083:a805dc9c85cd | 5084:f7fe817c92a2 |
---|---|
74 static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); | 74 static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); |
75 static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); | 75 static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); |
76 static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, | 76 static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, |
77 void *conf); | 77 void *conf); |
78 #endif | 78 #endif |
79 static ngx_int_t ngx_http_get_forwarded_addr_internal(ngx_http_request_t *r, | |
80 ngx_addr_t *addr, u_char *xff, size_t xfflen, ngx_array_t *proxies, | |
81 int recursive); | |
79 #if (NGX_HAVE_OPENAT) | 82 #if (NGX_HAVE_OPENAT) |
80 static char *ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd, | 83 static char *ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd, |
81 void *conf); | 84 void *conf); |
82 #endif | 85 #endif |
83 | 86 |
2745 } | 2748 } |
2746 | 2749 |
2747 | 2750 |
2748 ngx_int_t | 2751 ngx_int_t |
2749 ngx_http_get_forwarded_addr(ngx_http_request_t *r, ngx_addr_t *addr, | 2752 ngx_http_get_forwarded_addr(ngx_http_request_t *r, ngx_addr_t *addr, |
2753 ngx_array_t *headers, ngx_str_t *value, ngx_array_t *proxies, | |
2754 int recursive) | |
2755 { | |
2756 ngx_int_t rc; | |
2757 ngx_uint_t i, found; | |
2758 ngx_table_elt_t **h; | |
2759 | |
2760 if (headers == NULL) { | |
2761 return ngx_http_get_forwarded_addr_internal(r, addr, value->data, | |
2762 value->len, proxies, | |
2763 recursive); | |
2764 } | |
2765 | |
2766 i = headers->nelts; | |
2767 h = headers->elts; | |
2768 | |
2769 rc = NGX_DECLINED; | |
2770 | |
2771 found = 0; | |
2772 | |
2773 while (i-- > 0) { | |
2774 rc = ngx_http_get_forwarded_addr_internal(r, addr, h[i]->value.data, | |
2775 h[i]->value.len, proxies, | |
2776 recursive); | |
2777 | |
2778 if (!recursive) { | |
2779 break; | |
2780 } | |
2781 | |
2782 if (rc == NGX_DECLINED && found) { | |
2783 rc = NGX_DONE; | |
2784 break; | |
2785 } | |
2786 | |
2787 if (rc != NGX_OK) { | |
2788 break; | |
2789 } | |
2790 | |
2791 found = 1; | |
2792 } | |
2793 | |
2794 return rc; | |
2795 } | |
2796 | |
2797 | |
2798 static ngx_int_t | |
2799 ngx_http_get_forwarded_addr_internal(ngx_http_request_t *r, ngx_addr_t *addr, | |
2750 u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive) | 2800 u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive) |
2751 { | 2801 { |
2752 u_char *p; | 2802 u_char *p; |
2753 in_addr_t inaddr; | 2803 in_addr_t inaddr; |
2804 ngx_int_t rc; | |
2754 ngx_addr_t paddr; | 2805 ngx_addr_t paddr; |
2755 ngx_cidr_t *cidr; | 2806 ngx_cidr_t *cidr; |
2756 ngx_uint_t family, i; | 2807 ngx_uint_t family, i; |
2757 #if (NGX_HAVE_INET6) | 2808 #if (NGX_HAVE_INET6) |
2758 ngx_uint_t n; | 2809 ngx_uint_t n; |
2840 } | 2891 } |
2841 | 2892 |
2842 *addr = paddr; | 2893 *addr = paddr; |
2843 | 2894 |
2844 if (recursive && p > xff) { | 2895 if (recursive && p > xff) { |
2845 (void) ngx_http_get_forwarded_addr(r, addr, xff, p - 1 - xff, | 2896 rc = ngx_http_get_forwarded_addr_internal(r, addr, xff, p - 1 - xff, |
2846 proxies, 1); | 2897 proxies, 1); |
2898 | |
2899 if (rc == NGX_DECLINED) { | |
2900 return NGX_DONE; | |
2901 } | |
2902 | |
2903 /* rc == NGX_OK || rc == NGX_DONE */ | |
2904 return rc; | |
2847 } | 2905 } |
2848 | 2906 |
2849 return NGX_OK; | 2907 return NGX_OK; |
2850 | 2908 |
2851 next: | 2909 next: |