nginx - get value of the header - x_forwarded_for in Nginx module (Naxsi)

Marcin Kozlowski marcinguy at gmail.com
Sat Dec 28 19:35:25 UTC 2019


Still have a few questions. Help would be great.

Beginner in writing NGINX modules.

Have this question:

1) How do I create an array, add an element to it and then create a hashtable
from it?

Below I try to achieve it:

NX_LOG_DEBUG(_debug_whitelist_heavy, NGX_LOG_EMERG, cf, 0,
             "finalizing hashtables array %i", dlc->pass_rules->nelts);

headers_ar = ngx_array_create(cf->pool, dlc->pass_rules->nelts,
                              sizeof(ngx_hash_key_t));

if (headers_ar) {
    NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
                 "headers array %i", headers_ar->nelts);

2) Why does headers_ar have 0 elements?

nginx: [emerg] finalizing hashtables array 6 in /etc/nginx/nginx.conf:124
nginx: [emerg] headers array 0 in /etc/nginx/nginx.conf:124



3) I later want to build hashtable based on this array:

    dlc->passr_headers_hash = (ngx_hash_t*) ngx_pcalloc(cf->pool,
                                                        sizeof(ngx_hash_t));
    hash_init.hash = dlc->passr_headers_hash;
    hash_init.name = "passr_headers_hash";

    if (ngx_hash_init(&hash_init, (ngx_hash_key_t*) headers_ar->elts,
                      headers_ar->nelts) != NGX_OK) {
      ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                         "$HEADERS hashtable init failed"); /* LCOV_EXCL_LINE */
      return (NGX_ERROR); /* LCOV_EXCL_LINE */
    }
    else {
      NX_LOG_DEBUG(_debug_whitelist, NGX_LOG_EMERG, cf, 0,
                   "$HEADERS hashtable init successed %d !",
                   dlc->passr_headers_hash->size);
    }



4) Can somebody post simple code that

a) creates an array
b) pushes one IP
c) creates a hashtable from it

Thanks,


On Sat, Dec 28, 2019 at 3:36 PM Marcin Kozlowski <marcinguy at gmail.com>
wrote:

> Ignore my last post.
>
> My error.
>
> Thanks,
>
> On Fri, Dec 27, 2019 at 11:42 PM Marcin Kozlowski <marcinguy at gmail.com>
> wrote:
>
>> Thanks. Almost got my modifications to NAXSI ready.
>>
>> But currently have a blocker with getting just the X-Forwarded-for IP
>>
>> The code below:
>>
>> ngx_uint_t n;
>> ngx_table_elt_t **h;
>> ngx_array_t a;
>> a = req->headers_in.x_forwarded_for;
>> n = a.nelts;
>> h = a.elts;
>>
>>
>> for (i = 0; i<n; i++) {
>>    ngx_log_error(NGX_LOG_ERR, req->connection->log,
>>               0, "x_forwarded_for: %s", h[i]->value.data);
>> }
>>
>> gets a String with several IP (i.e client, server, request etc)
>>
>> Tried to parse the string using strtok(), iterating through it .... but
>> it segfaults. I guess I am missing some NGINX module knowledge.
>>
>> How to properly get first string up to first "," from the
>> h[i]->value.data using NGINX functions/types or other correct way to do it.
>>
>> Thanks,
>>
>>
>>
>>
>>
>> On Wed, Dec 25, 2019 at 12:17 PM Ruslan Ermilov <ru at nginx.com> wrote:
>>
>>> On Tue, Dec 24, 2019 at 08:00:26PM +0100, Marcin Kozlowski wrote:
>>> > Thanks.
>>> >
>>> > Works. For the reference, this is the code I used:
>>> >
>>> >   ngx_uint_t n;
>>> >   ngx_table_elt_t **h;
>>> >   ngx_array_t a;
>>> >   a = req->headers_in.x_forwarded_for;
>>> >   n = a.nelts;
>>> >   h = a.elts;
>>> >
>>> >
>>> >   for (i = 0; i<n; i++) {
>>> >     ngx_log_error(NGX_LOG_ERR, req->connection->log,
>>> >               0, "x_forwarded_for: %s", h[i]->value.data);
>>> >   }
>>> >
>>> > BTW What would be the best practice in NGINX NAXSI module or any other
>>> > module to load a file with hundreds entries of IPs (hashmap, or what
>>> > structure would be best?) which should be whitelisted later for
>>> > comparison in NAXSI module logic. Those IP should never be blocked by NAXSI.
>>> >
>>> > When should I load this file in memory, in which component
>>> > /module/function/step?
>>> >
>>> > Links to some guides/sample code would be also appreciated.
>>> >
>>> > Thanks,
>>>
>>> http://nginx.org/en/docs/http/ngx_http_geo_module.html
>>>
>>
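
Added example (not part of the original mail, and not nginx or NAXSI code): one way to take the first entry of an X-Forwarded-For value without strtok(), which writes into the buffer it scans and relies on NUL termination, whereas ngx_str_t is a length-counted string. The function name xff_first_ip and the sample value are assumptions made for this example; in a module the arguments would be h[i]->value.data and h[i]->value.len.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not an nginx or NAXSI function).
 * Copies the first comma-separated entry of a length-counted header value
 * into out, NUL-terminates it, and accepts it only if it is an IPv4 or
 * IPv6 literal. Reads at most len bytes of data and never writes to it.
 * Returns 0 on success, -1 if the entry is empty, too long or not an IP. */
int xff_first_ip(const unsigned char *data, size_t len,
                 char *out, size_t outlen)
{
    unsigned char addr[sizeof(struct in6_addr)];
    const unsigned char *comma, *end;
    size_t n;

    if (data == NULL || out == NULL || outlen == 0) return -1;
    out[0] = '\0';

    comma = memchr(data, ',', len);                /* bounded search */
    end = comma ? comma : data + len;
    while (data < end && (*data == ' ' || *data == '\t')) data++;
    while (end > data && (end[-1] == ' ' || end[-1] == '\t')) end--;

    n = (size_t)(end - data);
    if (n == 0 || n >= outlen) return -1;          /* empty or would not fit */
    if (memchr(data, '\0', n) != NULL) return -1;  /* embedded NUL byte */

    memcpy(out, data, n);
    out[n] = '\0';
    if (inet_pton(AF_INET, out, addr) == 1 ||
        inet_pton(AF_INET6, out, addr) == 1) {
        return 0;
    }
    out[0] = '\0';                                 /* not an IP literal */
    return -1;
}

int main(void)
{
    /* Constructed sample value, as a proxy chain might produce it. */
    static const unsigned char v[] = "203.0.113.7, 10.0.0.1";
    char ip[INET6_ADDRSTRLEN];

    if (xff_first_ip(v, sizeof(v) - 1, ip, sizeof(ip)) == 0)
        printf("first X-Forwarded-For entry: %s\n", ip);
    return 0;
}
```

The leftmost entry is whatever the client sent unless a proxy you control overwrites the header, so a whitelist keyed on it only holds under that assumption.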