Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 5084:f7fe817c92a2
Correctly handle multiple X-Forwarded-For headers (ticket #106).
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Wed, 27 Feb 2013 13:29:50 +0000 |
| parents | 44fcb9677c3f |
| children | 1b204b8ea9a3 |
comparison
equal
deleted
inserted
replaced
| 5083:a805dc9c85cd | 5084:f7fe817c92a2 |
|---|---|
| 74 static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); | 74 static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); |
| 75 static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); | 75 static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); |
| 76 static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, | 76 static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, |
| 77 void *conf); | 77 void *conf); |
| 78 #endif | 78 #endif |
| 79 static ngx_int_t ngx_http_get_forwarded_addr_internal(ngx_http_request_t *r, | |
| 80 ngx_addr_t *addr, u_char *xff, size_t xfflen, ngx_array_t *proxies, | |
| 81 int recursive); | |
| 79 #if (NGX_HAVE_OPENAT) | 82 #if (NGX_HAVE_OPENAT) |
| 80 static char *ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd, | 83 static char *ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd, |
| 81 void *conf); | 84 void *conf); |
| 82 #endif | 85 #endif |
| 83 | 86 |
| 2745 } | 2748 } |
| 2746 | 2749 |
| 2747 | 2750 |
| 2748 ngx_int_t | 2751 ngx_int_t |
| 2749 ngx_http_get_forwarded_addr(ngx_http_request_t *r, ngx_addr_t *addr, | 2752 ngx_http_get_forwarded_addr(ngx_http_request_t *r, ngx_addr_t *addr, |
| 2753 ngx_array_t *headers, ngx_str_t *value, ngx_array_t *proxies, | |
| 2754 int recursive) | |
| 2755 { | |
| 2756 ngx_int_t rc; | |
| 2757 ngx_uint_t i, found; | |
| 2758 ngx_table_elt_t **h; | |
| 2759 | |
| 2760 if (headers == NULL) { | |
| 2761 return ngx_http_get_forwarded_addr_internal(r, addr, value->data, | |
| 2762 value->len, proxies, | |
| 2763 recursive); | |
| 2764 } | |
| 2765 | |
| 2766 i = headers->nelts; | |
| 2767 h = headers->elts; | |
| 2768 | |
| 2769 rc = NGX_DECLINED; | |
| 2770 | |
| 2771 found = 0; | |
| 2772 | |
| 2773 while (i-- > 0) { | |
| 2774 rc = ngx_http_get_forwarded_addr_internal(r, addr, h[i]->value.data, | |
| 2775 h[i]->value.len, proxies, | |
| 2776 recursive); | |
| 2777 | |
| 2778 if (!recursive) { | |
| 2779 break; | |
| 2780 } | |
| 2781 | |
| 2782 if (rc == NGX_DECLINED && found) { | |
| 2783 rc = NGX_DONE; | |
| 2784 break; | |
| 2785 } | |
| 2786 | |
| 2787 if (rc != NGX_OK) { | |
| 2788 break; | |
| 2789 } | |
| 2790 | |
| 2791 found = 1; | |
| 2792 } | |
| 2793 | |
| 2794 return rc; | |
| 2795 } | |
| 2796 | |
| 2797 | |
| 2798 static ngx_int_t | |
| 2799 ngx_http_get_forwarded_addr_internal(ngx_http_request_t *r, ngx_addr_t *addr, | |
| 2750 u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive) | 2800 u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive) |
| 2751 { | 2801 { |
| 2752 u_char *p; | 2802 u_char *p; |
| 2753 in_addr_t inaddr; | 2803 in_addr_t inaddr; |
| 2804 ngx_int_t rc; | |
| 2754 ngx_addr_t paddr; | 2805 ngx_addr_t paddr; |
| 2755 ngx_cidr_t *cidr; | 2806 ngx_cidr_t *cidr; |
| 2756 ngx_uint_t family, i; | 2807 ngx_uint_t family, i; |
| 2757 #if (NGX_HAVE_INET6) | 2808 #if (NGX_HAVE_INET6) |
| 2758 ngx_uint_t n; | 2809 ngx_uint_t n; |
| 2840 } | 2891 } |
| 2841 | 2892 |
| 2842 *addr = paddr; | 2893 *addr = paddr; |
| 2843 | 2894 |
| 2844 if (recursive && p > xff) { | 2895 if (recursive && p > xff) { |
| 2845 (void) ngx_http_get_forwarded_addr(r, addr, xff, p - 1 - xff, | 2896 rc = ngx_http_get_forwarded_addr_internal(r, addr, xff, p - 1 - xff, |
| 2846 proxies, 1); | 2897 proxies, 1); |
| 2898 | |
| 2899 if (rc == NGX_DECLINED) { | |
| 2900 return NGX_DONE; | |
| 2901 } | |
| 2902 | |
| 2903 /* rc == NGX_OK || rc == NGX_DONE */ | |
| 2904 return rc; | |
| 2847 } | 2905 } |
| 2848 | 2906 |
| 2849 return NGX_OK; | 2907 return NGX_OK; |
| 2850 | 2908 |
| 2851 next: | 2909 next: |