Welcome! Log In Create A New Profile

Advanced

[PATCH] Added $realip_add_x_forwarded_for

J Carter
May 13, 2023 11:54PM
# HG changeset patch
# User jordanc.carter@outlook.com
# Date 1684035158 -3600
# Sun May 14 04:32:38 2023 +0100
# Node ID dad6e472ee0d97a738b117f6480987ef135c9e7f
# Parent b71e69247483631bd8fc79a47cc32b762625b1fb
Added $realip_add_x_forwarded_for

Resolves Ticket #2127.

Duplicates the functionality of proxy_add_x_forwarded_for, except
the true source ip is appended and not the remote address extracted
by the real IP module.

In practice this is proxy_add_x_forwarded_for but $realip_remote_addr
is used and not $remote_addr.

This follows the same convention as $realip_remote_addr and
$real_ip_remote_port, in that it is a drop in replacement for
$proxy_add_x_forwarded_for that can be used in contexts that both do
and do not have the real_ip directives, with the same results.

An example configuration:

server {
listen 80;
real_ip_header X-Forwarded-For;
set_real_ip_from 127.0.0.1;

location / {
proxy_set_header X-Forwarded-For $realip_add_x_forwarded_for;
proxy_set_header Remote $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}

server {
listen 8080;

add_header Echo-X-Forwarded_For $http_x_forwarded_for;
add_header Echo-Remote $http_remote;
return 200;
}

test with:

curl -I --interface 127.0.0.1 -H "X-Forwarded-For: 10.0.0.1" localhost
curl -I --interface 127.0.0.2 -H "X-Forwarded-For: 10.0.0.1" localhost

diff --git a/src/http/modules/ngx_http_realip_module.c
b/src/http/modules/ngx_http_realip_module.c ---
a/src/http/modules/ngx_http_realip_module.c +++
b/src/http/modules/ngx_http_realip_module.c @@ -53,6 +53,8 @@
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t
ngx_http_realip_remote_port_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t
ngx_http_realip_add_x_forwarded_for_variable(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);


static ngx_command_t ngx_http_realip_commands[] = {
@@ -122,6 +124,9 @@
{ ngx_string("realip_remote_port"), NULL,
ngx_http_realip_remote_port_variable, 0, 0, 0 },

+ { ngx_string("realip_add_x_forwarded_for"), NULL,
+ ngx_http_realip_add_x_forwarded_for_variable, 0, 0, 0 },
+
ngx_http_null_variable
};

@@ -619,3 +624,55 @@

return NGX_OK;
}
+
+
+static ngx_int_t
+ngx_http_realip_add_x_forwarded_for_variable(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data)
+{
+ size_t len;
+ u_char *p;
+ ngx_str_t *addr_text;
+ ngx_table_elt_t *h, *xfwd;
+ ngx_http_realip_ctx_t *ctx;
+
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+
+ len = 0;
+
+ ctx = ngx_http_realip_get_module_ctx(r);
+ addr_text = ctx ? &ctx->addr_text : &r->connection->addr_text;
+
+ xfwd = r->headers_in.x_forwarded_for;
+
+ for (h = xfwd; h; h = h->next) {
+ len += h->value.len + sizeof(", ") - 1;
+ }
+
+ if (len == 0) {
+ v->len = addr_text->len;
+ v->data = addr_text->data;
+ return NGX_OK;
+ }
+
+ len += addr_text->len;
+
+ p = ngx_pnalloc(r->pool, len);
+ if (p == NULL) {
+ return NGX_ERROR;
+ }
+
+ v->len = len;
+ v->data = p;
+
+ for (h = xfwd; h; h = h->next) {
+ p = ngx_copy(p, h->value.data, h->value.len);
+ *p++ = ','; *p++ = ' ';
+ }
+
+ ngx_memcpy(p, addr_text->data, addr_text->len);
+
+ return NGX_OK;
+}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] Added $realip_add_x_forwarded_for

J Carter 160 May 13, 2023 11:54PM

Re: [PATCH] Added $realip_add_x_forwarded_for Attachments

J Carter 25 May 14, 2023 02:48AM

Re: [PATCH] Added $realip_add_x_forwarded_for

Maxim Dounin 16 May 22, 2023 08:50AM

Re: [PATCH] Added $realip_add_x_forwarded_for

J Carter 9 May 28, 2023 12:30AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 82
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready