Re: realip_module

August 16, 2011 09:20AM
Thanks, Mr. Dounin,
I understood your point of view. The patch is not correct.

Thank you.

On 08/16/2011 03:42 PM, Maxim Dounin wrote:
> Hello!
>
> On Tue, Aug 16, 2011 at 02:40:29PM +0300, Anatoli Marinov wrote:
>
>> My patch for this issue was:
>> @@ -157,16 +157,13 @@
>> len = r->headers_in.x_forwarded_for->value.len;
>> ip = r->headers_in.x_forwarded_for->value.data;
>>
>> - for (p = ip + len - 1; p> ip; p--) {
>> - if (*p == ' ' || *p == ',') {
>> - p++;
>> - len -= p - ip;
>> - ip = p;
>> - break;
>> - }
>> - }
>> + p = ip;
>>
>> - break;
>> + while(*p != ','&& *p != ' '&& p< p + len){
>> + p++;
>> + }
>> + len = p - ip;
>> + break;
>>
>> default: /* NGX_HTTP_REALIP_HEADER */
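
Review bot: the bound in `while(*p != ','&& *p != ' '&& p< p + len){` compares `p` with itself, so `p< p + len` holds for any non-zero `len` and never stops the scan; a header value containing no comma or space is read past its end. Compare against the start of the buffer instead (`p < ip + len`) and test that bound before dereferencing `*p`. Separately, with `p = ip;` and `len = p - ip;` the code keeps the first list entry rather than the last one the removed loop selected, so the result is the part of the value that the original sender controls.
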
> This patch is just wrong: it picks the first address from
> X-Forwarded-For, which may be easily forged.
>
> Maxim Dounin
>
>> @@ -414,6 +411,7 @@
>>
>> On 08/16/2011 12:46 PM, Anatoli Marinov wrote:
>>> Hello mates,
>>> I tried realip_module and I found it does not work as I expect.
>>> For example the header may look like this:
>>> X-Forwarded-For: client1, proxy1, proxy2
>>>
>>> Where client1 should be the real ip address of the client, proxy1
>>> should be the first proxy after the client and proxy2 should be
>>> the last proxy after the client and the first before the nginx.
>>> Nginx has the connection with proxy2.
>>> I think in this case realip_module should return the client1 IP
>>> address. It returns the last address in the field - proxy2.
>>> What do you think? Is the behaviour wrong, or do I not understand
>>> the meaning of this header?
>>>
>>> p.s. http://en.wikipedia.org/wiki/X-Forwarded-For
>>>
>>> Thanks in advance.
>>> A. Marinov
>>>
>>>
>>> _______________________________________________
>>> nginx-devel mailing list
>>> nginx-devel@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
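
The two selection rules discussed in this thread, as an added example that is not code from nginx or from either poster. `xff_first`, `xff_last` and `xff_eq` are hypothetical helpers and the header value is constructed; both scans test the buffer bound before reading a byte.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Slice of a header value: pointer + length, not NUL-terminated
 * (same shape as the ip/len pair in the quoted hunk). */
typedef struct { const char *data; size_t len; } xff_slice;

static int is_sep(char c) { return c == ' ' || c == ','; }

/* First entry: supplied by whoever originated the request. */
xff_slice xff_first(const char *ip, size_t len)
{
    const char *p = ip, *end = ip + len;

    while (p < end && !is_sep(*p)) {   /* bound tested before the read */
        p++;
    }
    return (xff_slice){ ip, (size_t)(p - ip) };
}

/* Last entry: appended by the proxy connected to this server. */
xff_slice xff_last(const char *ip, size_t len)
{
    const char *p = ip + len;

    while (p > ip && !is_sep(p[-1])) { /* scan backwards, stay inside ip */
        p--;
    }
    return (xff_slice){ p, (size_t)(ip + len - p) };
}

/* Compare a slice with a C string literal (helper for the demo). */
int xff_eq(xff_slice s, const char *lit)
{
    return s.len == strlen(lit) && memcmp(s.data, lit, s.len) == 0;
}

int main(void)
{
    /* Constructed value: the request arrived already carrying "10.0.0.1". */
    const char *h = "10.0.0.1, 203.0.113.7, 198.51.100.20";
    xff_slice f = xff_first(h, strlen(h)), l = xff_last(h, strlen(h));

    printf("first=%.*s last=%.*s\n", (int)f.len, f.data, (int)l.len, l.data);
    return 0;
}
```

With the constructed value, the first entry is the one the request arrived with, while the last entry is the one written by the nearest proxy.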