Hello!

On Tue, Aug 16, 2011 at 02:40:29PM +0300, Anatoli Marinov wrote:

> My patch for this issue was:
> @@ -157,16 +157,13 @@
> len = r->headers_in.x_forwarded_for->value.len;
> ip = r->headers_in.x_forwarded_for->value.data;
>
> - for (p = ip + len - 1; p > ip; p--) {
> - if (*p == ' ' || *p == ',') {
> - p++;
> - len -= p - ip;
> - ip = p;
> - break;
> - }
> - }
> + p = ip;
>
> - break;
> + while(*p != ',' && *p != ' ' && p < p + len){
> + p++;
> + }
> + len = p - ip;
> + break;
>
> default: /* NGX_HTTP_REALIP_HEADER */

This patch is just wrong: it picks first address from
X-Forwarded-For which may be easily forged.

Maxim Dounin

>
> @@ -414,6 +411,7 @@
>
> On 08/16/2011 12:46 PM, Anatoli Marinov wrote:
> >Hello mates,
> >I tried readip_module and I found it does not work as I expect.
> >For example the header may looks like this:
> >X-Forwarded-For: client1, proxy1, proxy2
> >
> >Where client1 should be the real ip address of the client, proxy1
> >should be the first proxy after the client and proxy2 should be
> >the last proxy after the client and the first before the nginx.
> >Nginx has the connection with proxy2.
> >I think In this case readip_module should return client1 ip
> >address. It returns the latest address in the field - proxy2.
> >What do you think? Is the behaviour wrong or I do not understand
> >the meaning of this header?
> >
> >p.s. http://en.wikipedia.org/wiki/X-Forwarded-For
> >
> >Thanks in advance.
> >A. Marinov
> >
> >
> >_______________________________________________
> >nginx-devel mailing list
> >nginx-devel@nginx.org
> >http://mailman.nginx.org/mailman/listinfo/nginx-devel
>

> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel