view auto/lib/conf @ 4668:ba2c7463ce18 stable-1.2
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.

*) Added IPv6 and UNIX-domain socket support in "debug_connection"
   directive.

*) New function ngx_http_get_forwarded_addr() to look up real client
   address.

   On input it takes an original address, string in the X-Forwarded-For format
   and its length, list of trusted proxies, and a flag indicating to perform
   the recursive search. On output it returns NGX_OK and the "deepest" valid
   address in a chain, or NGX_DECLINED. It supports AF_INET and AF_INET6.
   Additionally, original address and/or proxy may be specified as AF_UNIX.

*) Realip: chains of trusted proxies and IPv6 support.

   The module now supports recursive search of client address through
   the chain of trusted proxies, controlled by the "real_ip_recursive"
   directive (closes #2). It also gets full IPv6 support (closes #44)
   and canonical value of the $client_addr variable on address change.

   Example:

       real_ip_header X-Forwarded-For;
       set_real_ip_from 127.0.0.0/8;
       set_real_ip_from ::1;
       set_real_ip_from unix:;
       real_ip_recursive on;

*) Geo: chains of trusted proxies and partial IPv6 support.

   The module now supports recursive search of client address through
   the chain of trusted proxies, controlled by the "proxy_recursive"
   directive in the "geo" block. It also gets partial IPv6 support:
   now proxies may be specified with IPv6 addresses.

   Example:

       geo $test {
           ...
           proxy 127.0.0.1;
           proxy ::1;
           proxy_recursive;
       }

   There's also a slight change in behavior. When original client
   address (as specified by the "geo" directive) is one of the
   trusted proxies, and the value of the X-Forwarded-For request
   header cannot be parsed as a valid address, an original client
   address will be used for lookup. Previously, 255.255.255.255 was
   used in this case.

*) Geoip: trusted proxies support and partial IPv6 support.

   The module now supports recursive search of client address through the
   chain of trusted proxies (closes #100), in the same scope as the geo
   module. Proxies are listed by the "geoip_proxy" directive, recursive
   search is enabled by the "geoip_proxy_recursive" directive. IPv6 is
   partially supported: proxies may be specified with IPv6 addresses.

   Example:

       geoip_country .../GeoIP.dat;
       geoip_proxy 127.0.0.1;
       geoip_proxy ::1;
       geoip_proxy 10.0.0.0/8;
       geoip_proxy_recursive on;

author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 04 Jun 2012 11:58:12 +0000 |
parents | d620f497c50f |
children | 85dea406e18f |
```sh
# Copyright (C) Igor Sysoev
# Copyright (C) Nginx, Inc.


if [ $USE_PCRE = YES -o $PCRE != NONE ]; then
    . auto/lib/pcre/conf

else
    if [ $USE_PCRE = DISABLED -a $HTTP_REWRITE = YES ]; then

cat << END

$0: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option or you have to enable the PCRE support.

END
        exit 1
    fi
fi


if [ $USE_OPENSSL = YES ]; then
    . auto/lib/openssl/conf
fi

if [ $USE_MD5 = YES ]; then

    if [ $USE_OPENSSL = YES ]; then
        have=NGX_HAVE_OPENSSL_MD5_H . auto/have
        have=NGX_OPENSSL_MD5 . auto/have
        have=NGX_HAVE_MD5 . auto/have
        MD5=YES
        MD5_LIB=OpenSSL

    else
        . auto/lib/md5/conf
    fi

fi

if [ $USE_SHA1 = YES ]; then

    if [ $USE_OPENSSL = YES ]; then
        have=NGX_HAVE_OPENSSL_SHA1_H . auto/have
        have=NGX_HAVE_SHA1 . auto/have
        SHA1=YES
        SHA1_LIB=OpenSSL

    else
        . auto/lib/sha1/conf
    fi

fi

if [ $USE_ZLIB = YES ]; then
    . auto/lib/zlib/conf
fi

if [ $USE_LIBXSLT = YES ]; then
    . auto/lib/libxslt/conf
fi

if [ $USE_LIBGD = YES ]; then
    . auto/lib/libgd/conf
fi

if [ $USE_PERL = YES ]; then
    . auto/lib/perl/conf
fi

if [ $HTTP_GEOIP = YES ]; then
    . auto/lib/geoip/conf
fi

if [ $NGX_GOOGLE_PERFTOOLS = YES ]; then
    . auto/lib/google-perftools/conf
fi

if [ $NGX_LIBATOMIC != NO ]; then
    . auto/lib/libatomic/conf
fi
```
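
The recursive search through trusted proxies described in the commit message above, modelled in Python as an added example; it is not nginx's C code. The names `get_forwarded_addr`, `is_trusted`, `parse_addr`, `TRUSTED` and `XFF` are hypothetical, the sample header is constructed, and stopping at the first unparseable entry is an assumption drawn from the message's wording "deepest valid address".

```python
import ipaddress
import re

def parse_addr(text):
    """Return an ipaddress object, or None when text is not a valid IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def is_trusted(addr, trusted):
    """addr is "unix:" or an ipaddress object; trusted holds "unix:" or CIDRs."""
    for entry in trusted:
        if entry == "unix:" or addr == "unix:":
            if entry == addr:
                return True
        elif addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False

def get_forwarded_addr(peer, xff, trusted, recursive):
    """Return the deepest valid address as a string, or None (NGX_DECLINED)."""
    current = peer if peer == "unix:" else parse_addr(peer)
    if current is None or not is_trusted(current, trusted):
        return None  # peer is not a trusted proxy, so the header is ignored
    hops = [h for h in re.split(r"[ ,]+", xff) if h]
    result = None
    while hops and is_trusted(current, trusted):
        candidate = parse_addr(hops.pop())  # rightmost entry was added last
        if candidate is None:
            break  # unparseable entry: keep the last valid address
        result = current = candidate
        if not recursive:
            break  # non-recursive: take only the last entry
    return str(result) if result is not None else None

# Constructed sample input: trusted list mirrors the commit's examples.
TRUSTED = ["127.0.0.0/8", "::1", "unix:", "10.0.0.0/8"]
XFF = "203.0.113.7, 198.51.100.9, 10.0.0.5"  # leftmost entry is client-supplied

if __name__ == "__main__":
    print(get_forwarded_addr("127.0.0.1", XFF, TRUSTED, recursive=True))
    print(get_forwarded_addr("127.0.0.1", XFF, TRUSTED, recursive=False))
    print(get_forwarded_addr("192.0.2.1", XFF, TRUSTED, recursive=True))
```

With the recursive flag set, the walk stops at the first address that is not a trusted proxy, so entries to its left, which any client can write into the header, are never taken as the client address.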