nginx - get value of the header - x_forwarded_for in Nginx module (Naxsi)

Marcin Kozlowski marcinguy at gmail.com
Fri Dec 27 22:42:30 UTC 2019


Thanks. Almost got my modifications to NAXSI ready.

But currently have a blocker with getting just the X-Forwarded-for IP

The code below:

ngx_uint_t n;
ngx_table_elt_t **h;
ngx_array_t a;
a = req->headers_in.x_forwarded_for;
n = a.nelts;
h = a.elts;


for (i = 0; i<n; i++) {
   ngx_log_error(NGX_LOG_ERR, req->connection->log,
              0, "x_forwarded_for: %s", h[i]->value.data);
}

gets a String with several IP (i.e client, server, request etc)

Tried to parse the string using strtok(), interating through it .... but it
segfaults. I guess I am missing some NGINX module knowledge.

How to properly get first string up to first "," from the h[i]->value.data
using NGINX functions/types or other correct way to do it.

Thanks,





On Wed, Dec 25, 2019 at 12:17 PM Ruslan Ermilov <ru at nginx.com> wrote:

> On Tue, Dec 24, 2019 at 08:00:26PM +0100, Marcin Kozlowski wrote:
> > Thanks.
> >
> > Works. For the reference, this is the code I used:
> >
> >   ngx_uint_t n;
> >   ngx_table_elt_t **h;
> >   ngx_array_t a;
> >   a = req->headers_in.x_forwarded_for;
> >   n = a.nelts;
> >   h = a.elts;
> >
> >
> >   for (i = 0; i<n; i++) {
> >     ngx_log_error(NGX_LOG_ERR, req->connection->log,
> >               0, "x_forwarded_for: %s", h[i]->value.data);
> >   }
> >
> > BTW What would be the best practice in NGINX NASIX module or any other
> > module to load a file with hundreds entries of IPs (hashmap, or what
> > structure would be best?) which should be whitelisted later for
> comparison
> > in NASIX module logic. Those IP should never be blocked by NAXSI.
> >
> > When should I load this file in memory, in which component
> > /module/function/step?
> >
> > Links to some guides/sample code would be also appreciated.
> >
> > Thanks,
>
> http://nginx.org/en/docs/http/ngx_http_geo_module.html
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20191227/e591373e/attachment.htm>


More information about the nginx-devel mailing list