Welcome! Log In Create A New Profile

Advanced

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Francis Daly
October 26, 2011 09:04AM
On Wed, Oct 26, 2011 at 02:17:37AM +0400, Кирюшкин Владимир wrote:
> 26.10.2011, 02:10, "Francis Daly" <francis@daoine.org>:
> > On Wed, Oct 26, 2011 at 01:11:40AM +0400, Кирюшкин Владимир wrote:

Hi there,

> > That should cause two variables HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR
> > to be visible in the CGI output.
>
> alas, no. the full output is (when using proxy):

Ah, this thttpd doesn't expose the full http header as HTTP_* environment
variables. So scratch that as a test.

> > That patch looks like it will write the value of the X-Forwarded-For
> > header into something internal to thttpd.
>
> yes, it is intended to change X-Forwarded-For into Remote-Addr, but seems that it doesn't work.

Test the thttpd side:

curl -H 'X-Forwarded-For: 127.0.0.2' http://[thttpd-server]/env.cgi

If you don't see REMOTE_ADDR=127.0.0.2, then your thttpd is not acting
as you expect. Nothing nginx can do can help you in that case.

And note what

curl -H 'X-Forwarded-For: 127.0.0.2, 127.0.0.3' http://[thttpd-server]/env.cgi

shows that is different.

If thttpd directly works (as above) and through nginx doesn't, then check
the nginx debug log to see what exactly nginx is sending to thttpd --
it'll be the line with

http script copy: "X-Forwarded-For: "

and the next line will show the value.

Test using

curl http://[nginx-server]/env.cgi

and possibly

curl -H 'X-Forwarded-For: 127.0.0.2' http://[nginx-server]/env.cgi

> > If they are not what you expect, check what nginx is doing.
>
> how could i do that?

debug log.

Overall, when I test here, it all works as expected, by which I mean:

when I access nginx on 10.0.2.15 which proxy_pass'es to thttpd on
127.0.0.1, I see REMOTE_ADDR=10.0.2.15

when I access nginx on 10.0.2.15 through any other proxy,
so that X-Forwarded-For is set before it gets to nginx, I see
REMOTE_ADDR=127.0.0.1

This patch to thttpd seems to require that X-Forwarded-For contains
exactly one address, which means that you must not set it in nginx using

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

You'll instead want something like

proxy_set_header X-Forwarded-For $remote_addr;

with some careful thought about what to do if X-Forwarded-For was set
in the request to nginx.

Good luck,

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

nginx and thttpd + cgi, remote_addr = 127.0.0.1

Кирюшкин Владимир October 25, 2011 05:12PM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Francis Daly October 25, 2011 06:12PM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Кирюшкин Владимир October 25, 2011 06:18PM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Aleksandar Lazic October 25, 2011 06:42PM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Francis Daly October 26, 2011 09:04AM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Кирюшкин Владимир October 26, 2011 10:34AM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Igor Sysoev October 26, 2011 10:28AM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Кирюшкин Владимир October 26, 2011 11:50AM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Aleksandar Lazic October 26, 2011 11:52AM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Кирюшкин Владимир October 26, 2011 04:38PM

Re: nginx and thttpd + cgi, remote_addr = 127.0.0.1

Aleksandar Lazic October 26, 2011 05:04PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 78
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready