view auto/os/freebsd @ 4668:ba2c7463ce18 stable-1.2
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
*) Added IPv6 and UNIX-domain socket support in "debug_connection"
directive.
*) New function ngx_http_get_forwarded_addr() to look up real client
address.
On input it takes an original address, string in the X-Forwarded-For format
and its length, list of trusted proxies, and a flag indicating to perform
the recursive search. On output it returns NGX_OK and the "deepest" valid
address in a chain, or NGX_DECLINED. It supports AF_INET and AF_INET6.
Additionally, original address and/or proxy may be specified as AF_UNIX.
*) Realip: chains of trusted proxies and IPv6 support.
The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "real_ip_recursive"
directive (closes #2). It also gets full IPv6 support (closes #44)
and canonical value of the $client_addr variable on address change.
Example:

    real_ip_header X-Forwarded-For;
    set_real_ip_from 127.0.0.0/8;
    set_real_ip_from ::1;
    set_real_ip_from unix:;
    real_ip_recursive on;

*) Geo: chains of trusted proxies and partial IPv6 support.
The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "proxy_recursive"
directive in the "geo" block. It also gets partial IPv6 support:
now proxies may be specified with IPv6 addresses.
Example:

    geo $test {
        ...
        proxy 127.0.0.1;
        proxy ::1;
        proxy_recursive;
    }

There's also a slight change in behavior. When original client
address (as specified by the "geo" directive) is one of the
trusted proxies, and the value of the X-Forwarded-For request
header cannot not be parsed as a valid address, an original client
address will be used for lookup. Previously, 255.255.255.255 was
used in this case.
*) Geoip: trusted proxies support and partial IPv6 support.
The module now supports recursive search of client address through the
chain of trusted proxies (closes #100), in the same scope as the geo
module. Proxies are listed by the "geoip_proxy" directive, recursive
search is enabled by the "geoip_proxy_recursive" directive. IPv6 is
partially supported: proxies may be specified with IPv6 addresses.
Example:

    geoip_country .../GeoIP.dat;
    geoip_proxy 127.0.0.1;
    geoip_proxy ::1;
    geoip_proxy 10.0.0.0/8;
    geoip_proxy_recursive on;

author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 04 Jun 2012 11:58:12 +0000 |
parents | f31162fefe01 |
children | 0f234ee664f7 |
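
The recursive search through trusted proxies that the commit message describes, as an added example (not nginx's code and not part of this changeset). It is IPv4 only; the names `resolve`, `ip4`, `trusted` and the proxy list are assumptions made up for the sketch. It walks X-Forwarded-For from the right and stops at the first address not vouched for by a trusted hop, so entries a client prepends to the header are never reached.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct cidr { uint32_t net, mask; };   /* host byte order */
/* Constructed trusted-proxy list: 127.0.0.0/8 and 10.0.0.0/8. */
static const struct cidr proxies[] = { {0x7f000000u, 0xff000000u}, {0x0a000000u, 0xff000000u} };

uint32_t ip4(const char *s) {          /* dotted quad -> host order, 0 if invalid */
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}

static int trusted(uint32_t a) {
    for (size_t i = 0; i < sizeof(proxies) / sizeof(proxies[0]); i++)
        if ((a & proxies[i].mask) == proxies[i].net) return 1;
    return 0;
}

/* Address to treat as the client, given the connection peer and the header. */
uint32_t resolve(const char *peer, const char *xff, int recursive) {
    uint32_t addr = ip4(peer);
    size_t end = strlen(xff);
    while (trusted(addr)) {            /* only a trusted hop may vouch for the next */
        while (end > 0 && (xff[end - 1] == ' ' || xff[end - 1] == ',')) end--;
        size_t start = end;
        while (start > 0 && xff[start - 1] != ' ' && xff[start - 1] != ',') start--;
        char tok[INET_ADDRSTRLEN];
        struct in_addr in;
        size_t len = end - start;
        if (len == 0 || len >= sizeof(tok)) break;      /* header exhausted or junk */
        memcpy(tok, xff + start, len);
        tok[len] = '\0';
        if (inet_pton(AF_INET, tok, &in) != 1) break;   /* unparsable: keep current */
        addr = ntohl(in.s_addr);
        end = start;
        if (!recursive) break;         /* non-recursive: take the last entry only */
    }
    return addr;
}

int main(void) {
    struct in_addr o;
    o.s_addr = htonl(resolve("127.0.0.1", "1.2.3.4, 203.0.113.7, 10.0.0.5", 1));
    puts(inet_ntoa(o));
    return 0;
}
```

With the recursive flag off, the same input yields 10.0.0.5, the last entry, even though it is itself a trusted proxy.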
```sh
# Copyright (C) Igor Sysoev
# Copyright (C) Nginx, Inc.


have=NGX_FREEBSD . auto/have_headers

CORE_INCS="$UNIX_INCS"
CORE_DEPS="$UNIX_DEPS $FREEBSD_DEPS"
CORE_SRCS="$UNIX_SRCS $FREEBSD_SRCS"

ngx_spacer='
'


# __FreeBSD_version and sysctl kern.osreldate are the best ways
# to determine whether some capability exists and is safe to use.
# __FreeBSD_version is used for the testing of the build environment.
# sysctl kern.osreldate is used for the testing of the kernel capabilities.

version=`grep "#define __FreeBSD_version" /usr/include/osreldate.h \
         | sed -e 's/^.* \(.*\)$/\1/'`

osreldate=`/sbin/sysctl -n kern.osreldate`


# setproctitle() in libutil

if [ \( $version -ge 500000 -a $version -lt 500012 \) \
     -o $version -lt 410002 ]
then
    echo " + setproctitle() in libutil"

    CORE_LIBS="$CORE_LIBS -lutil"
    NGX_SETPROCTITLE_LIB="-lutil"
fi

# sendfile

if [ $osreldate -gt 300007 ]; then
    echo " + sendfile() found"

    have=NGX_HAVE_SENDFILE . auto/have
    CORE_SRCS="$CORE_SRCS $FREEBSD_SENDFILE_SRCS"
fi

if [ $osreldate -gt 502103 ]; then
    echo " + sendfile()'s SF_NODISKIO found"

    have=NGX_HAVE_AIO_SENDFILE . auto/have
fi

# POSIX semaphores
# http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/127545

if [ $osreldate -ge 701106 ]; then
    echo " + POSIX semaphores should work"
else
    have=NGX_HAVE_POSIX_SEM . auto/nohave
fi


# kqueue

if [ \( $osreldate -lt 500000 -a $osreldate -ge 410000 \) \
     -o $osreldate -ge 500011 ]
then
    echo " + kqueue found"

    have=NGX_HAVE_KQUEUE . auto/have
    have=NGX_HAVE_CLEAR_EVENT . auto/have
    EVENT_MODULES="$EVENT_MODULES $KQUEUE_MODULE"
    CORE_SRCS="$CORE_SRCS $KQUEUE_SRCS"
    EVENT_FOUND=YES
fi


NGX_KQUEUE_CHECKED=YES


# kqueue's NOTE_LAWAT

if [ \( $version -lt 500000 -a $version -ge 430000 \) \
     -o $version -ge 500018 ]
then
    echo " + kqueue's NOTE_LOWAT found"
    have=NGX_HAVE_LOWAT_EVENT . auto/have
fi

# kqueue's EVFILT_TIMER

if [ \( $version -lt 500000 -a $version -ge 440001 \) \
     -o $version -ge 500023 ]
then
    echo " + kqueue's EVFILT_TIMER found"
    have=NGX_HAVE_TIMER_EVENT . auto/have
fi


if [ $USE_THREADS = "rfork" ]; then

    echo " + using rfork()"

#    # kqueue's EVFILT_SIGNAL is safe
#
#    if [ $version -gt 460101 ]; then
#        echo " + kqueue's EVFILT_SIGNAL is safe"
#        have=NGX_HAVE_SAFE_EVFILT_SIGNAL . auto/have
#    else
#        echo "$0: error: the kqueue's EVFILT_SIGNAL is unsafe on this"
#        echo "FreeBSD version, so --with-threads=rfork could not be used"
#        echo
#
#        exit 1
#    fi
fi


if [ $EVENT_AIO = YES ]; then
    if [ \( $version -lt 500000 -a $version -ge 430000 \) \
         -o $version -ge 500014 ]
    then
        have=NGX_HAVE_AIO . auto/have
        EVENT_MODULES="$EVENT_MODULES $AIO_MODULE"
        CORE_SRCS="$CORE_SRCS $AIO_SRCS"
    else

cat << END

$0: error: the kqueue does not support AIO on this FreeBSD version

END

        exit 1
    fi
fi


# cpuset_setaffinity()

if [ $version -ge 701000 ]; then
    echo " + cpuset_setaffinity() found"
    have=NGX_HAVE_CPUSET_SETAFFINITY . auto/have
fi
```