nginx - get value of the header - x_forwarded_for in Nginx module (Naxsi)

Marcin Kozlowski marcinguy at gmail.com
Tue Dec 24 19:00:26 UTC 2019


Thanks.

Works. For reference, this is the code I used:

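  ngx_uint_t i, n;
  ngx_table_elt_t **h;
  ngx_array_t a;

  /* x_forwarded_for is an ngx_array_t whose elements are ngx_table_elt_t pointers */
  a = req->headers_in.x_forwarded_for;
  n = a.nelts;
  h = a.elts;

  /* log every X-Forwarded-For header; %V takes a pointer to an ngx_str_t */
  for (i = 0; i < n; i++) {
    ngx_log_error(NGX_LOG_ERR, req->connection->log,
              0, "x_forwarded_for: %V", &h[i]->value);
  }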

BTW What would be the best practice in NGINX NAXSI module or any other
module to load a file with hundreds of IP entries (hashmap, or what
structure would be best?) which should be whitelisted later for comparison
in NAXSI module logic. Those IPs should never be blocked by NAXSI.

When should I load this file in memory, in which
component/module/function/step?

Links to some guides/sample code would be also appreciated.

Thanks,


On Tue, Dec 24, 2019 at 10:37 AM Ruslan Ermilov <ru at nginx.com> wrote:

> On Mon, Dec 23, 2019 at 11:04:43PM +0100, Marcin Kozlowski wrote:
> > Hi List,
> >
> > How to get x_forwarded_for sent in the request in NGINX module (NAXSI in
> > particular):
> >
> > My attempt:
> >
> > ngx_log_error(NGX_LOG_ERR, req->connection->log,
> >               0, "test %s", (char *)req->headers_in.x_forwarded_for.elts);
> >
> > The bigger problem I am trying to solve with NAXSI is this:
> >
> >
> > https://stackoverflow.com/questions/59453729/naxsi-blacklist-and-whitelist-setup-with-nginx
> >
> > I want to simply create a map and check if X-forwarded-for is on the
> > whitelist and if yes, always allow it.
> >
> > Above does not work. Prints garbage. Why it is (void *) ???
> >
> > Debugging it:
> >
> > $1 = (ngx_http_request_t *) 0xa44df0
> > (gdb) p req->headers_
> > headers_in   headers_out
> > (gdb) p req->headers_in
> > $2 = {headers = {last = 0xa44e60, part = {elts = 0xad4d10, nelts = 7, next = 0x0}, size = 48, nalloc = 20,
> >     pool = 0xa44da0}, host = 0xad4d10, connection = 0x0, if_modified_since = 0x0, if_unmodified_since = 0x0,
> >   if_match = 0x0, if_none_match = 0x0, user_agent = 0xad4d70, referer = 0x0, content_length = 0x0,
> >   content_range = 0x0, content_type = 0x0, range = 0x0, if_range = 0x0, transfer_encoding = 0x0, te = 0x0,
> >   expect = 0x0, upgrade = 0x0, accept_encoding = 0x0, via = 0x0, authorization = 0x0, keep_alive = 0x0,
> >   x_forwarded_for = {elts = 0xa45b98, nelts = 1, size = 8, nalloc = 1, pool = 0xa44da0}, x_real_ip = 0x0, user = {
> >     len = 0, data = 0x0}, passwd = {len = 0, data = 0x0}, cookies = {elts = 0x0, nelts = 0, size = 0, nalloc = 0,
> >     pool = 0x0}, server = {len = 32, data = 0xa449a9 "domain.com"}, content_length_n = -1,
> >   keep_alive_n = -1, connection_type = 2, chunked = 0, msie = 0, msie6 = 0, opera = 0, gecko = 0, chrome = 0,
> >   safari = 0, konqueror = 0}
> > (gdb) p req->headers_in.x_forwarded_for
> > $3 = {elts = 0xa45b98, nelts = 1, size = 8, nalloc = 1, pool = 0xa44da0}
> > (gdb) p req->headers_in.x_forwarded_for .elts
> > $4 = (void *) 0xa45b98
> > (gdb) p req->headers_in.x_forwarded_for.elts
> > $5 = (void *) 0xa45b98
> >
> > What structure is this? Linked List? Why the elts point to garbage, when I
> > know the Loadbalancer added the X-Forwarded-for header with value.
>
> It's an array of type ngx_table_elt_t, the number of elements is
> in "nelts".  Please see the handler for the $http_x_forwarded_for
> variable in the ngx_http_variables.c on how to work with it.
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
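
Added example, not part of the original thread and not NAXSI or nginx code: a self-contained C program that walks the header array the way the reply describes (elts holds nelts pointers to header entries) and checks the result against an IP allowlist. The structs are simplified stand-ins for ngx_str_t, ngx_table_elt_t and ngx_array_t; the function names, the sorted array with bsearch, IPv4-only matching and the choice to trust only the right-most address (the hop appended by your own load balancer, since earlier entries are client-supplied) are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for ngx_str_t, ngx_table_elt_t, ngx_array_t (assumption). */
typedef struct { size_t len; unsigned char *data; } str_t;
typedef struct { str_t key; str_t value; } table_elt_t;
typedef struct { void *elts; size_t nelts; } array_t;

static int cmp_u32(const void *a, const void *b) {
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Parse dotted-quad strings once, skip invalid ones, sort for bsearch. */
size_t allowlist_build(const char **ips, size_t n, uint32_t *out) {
    size_t k = 0;
    struct in_addr a;
    for (size_t i = 0; i < n; i++)
        if (inet_pton(AF_INET, ips[i], &a) == 1) out[k++] = ntohl(a.s_addr);
    qsort(out, k, sizeof(uint32_t), cmp_u32);
    return k;
}

/* Returns 1 if the right-most address of the last header is allowlisted. */
int xff_allowed(const array_t *xff, const uint32_t *list, size_t n) {
    if (xff->nelts == 0) return 0;
    table_elt_t **h = xff->elts;   /* array of POINTERS, not a char string */
    const str_t *v = &h[xff->nelts - 1]->value;
    size_t end = v->len, start;
    while (end > 0 && v->data[end - 1] == ' ') end--;
    start = end;
    while (start > 0 && v->data[start - 1] != ',' && v->data[start - 1] != ' ') start--;
    char buf[INET_ADDRSTRLEN];
    if (end == start || end - start >= sizeof(buf)) return 0;
    memcpy(buf, v->data + start, end - start);
    buf[end - start] = '\0';
    struct in_addr a;
    if (inet_pton(AF_INET, buf, &a) != 1) return 0;
    uint32_t ip = ntohl(a.s_addr);
    return bsearch(&ip, list, n, sizeof(uint32_t), cmp_u32) != NULL;
}

/* Constructed sample input: a two-entry allowlist and one header entry. */
int demo(const char *value) {
    const char *ips[] = { "203.0.113.10", "192.0.2.44" };
    uint32_t list[2];
    size_t n = allowlist_build(ips, 2, list);
    table_elt_t e = { { 15, (unsigned char *)"X-Forwarded-For" },
                      { strlen(value), (unsigned char *)value } };
    table_elt_t *ptrs[] = { &e };
    array_t xff = { ptrs, 1 };
    return xff_allowed(&xff, list, n);
}
```

A header of "203.0.113.10, 198.51.100.7" is rejected even though its first entry is on the list, because only the last hop is trusted.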