<div dir="ltr"><div dir="ltr"><div>Thanks.</div><div><br></div><div>Works. For the reference, this is the code I used:<br></div><div><br></div><div> ngx_uint_t n;<br> ngx_table_elt_t **h;<br> ngx_array_t a;<br> a = req->headers_in.x_forwarded_for;<br> n = a.nelts;<br> h = a.elts;<br><br><br> for (i = 0; i<n; i++) {<br> ngx_log_error(NGX_LOG_ERR, req->connection->log,<br> 0, "x_forwarded_for: %s", h[i]->value.data);<br> }</div><div><br></div><div>BTW What would be the best practice in NGINX NASIX module or any other module to load a file with hundreds entries of IPs (hashmap, or what structure would be best?) which should be whitelisted later for comparison in NASIX module logic. Those IP should never be blocked by NAXSI.<br></div><div><br></div><div>When should I load this file in memory, in which component /module/function/step?</div><div><br></div><div>Links to some guides/sample code would be also appreciated.</div><div><br></div><div>Thanks,<br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Dec 24, 2019 at 10:37 AM Ruslan Ermilov <<a href="mailto:ru@nginx.com">ru@nginx.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, Dec 23, 2019 at 11:04:43PM +0100, Marcin Kozlowski wrote:<br>
> Hi List,<br>
> <br>
> How to get x_forwarded_for sent in the request in NGINX module (NAXSI in<br>
> particular):<br>
> <br>
> My attempt:<br>
> <br>
> ngx_log_error(NGX_LOG_ERR, req->connection->log,<br>
> 0, "test %s", (char *)req->headers_in.x_forwarded_for.elts);<br>
> <br>
> The bigger problem I am trying to solve with NAXSI is this:<br>
> <br>
> <a href="https://stackoverflow.com/questions/59453729/naxsi-blacklist-and-whitelist-setup-with-nginx" rel="noreferrer" target="_blank">https://stackoverflow.com/questions/59453729/naxsi-blacklist-and-whitelist-setup-with-nginx</a><br>
> <br>
> I want to simply create a map and check if X-forwarded-for is on the<br>
> whitelist and if yes, always allow it.<br>
> <br>
> Above does not work. Prints garabge. Why it is (void *) ???<br>
> <br>
> Debugging it:<br>
> <br>
> $1 = (ngx_http_request_t *) 0xa44df0<br>
> (gdb) p req->headers_<br>
> headers_in headers_out<br>
> (gdb) p req->headers_in<br>
> $2 = {headers = {last = 0xa44e60, part = {elts = 0xad4d10, nelts = 7, next<br>
> = 0x0}, size = 48, nalloc = 20,<br>
> pool = 0xa44da0}, host = 0xad4d10, connection = 0x0, if_modified_since<br>
> = 0x0, if_unmodified_since = 0x0,<br>
> if_match = 0x0, if_none_match = 0x0, user_agent = 0xad4d70, referer =<br>
> 0x0, content_length = 0x0,<br>
> content_range = 0x0, content_type = 0x0, range = 0x0, if_range = 0x0,<br>
> transfer_encoding = 0x0, te = 0x0,<br>
> expect = 0x0, upgrade = 0x0, accept_encoding = 0x0, via = 0x0,<br>
> authorization = 0x0, keep_alive = 0x0,<br>
> x_forwarded_for = {elts = 0xa45b98, nelts = 1, size = 8, nalloc = 1, pool<br>
> = 0xa44da0}, x_real_ip = 0x0, user = {<br>
> len = 0, data = 0x0}, passwd = {len = 0, data = 0x0}, cookies = {elts =<br>
> 0x0, nelts = 0, size = 0, nalloc = 0,<br>
> pool = 0x0}, server = {len = 32, data = 0xa449a9 "<a href="http://domain.com" rel="noreferrer" target="_blank">domain.com</a>"},<br>
> content_length_n = -1,<br>
> keep_alive_n = -1, connection_type = 2, chunked = 0, msie = 0, msie6 = 0,<br>
> opera = 0, gecko = 0, chrome = 0,<br>
> safari = 0, konqueror = 0}<br>
> (gdb) p req->headers_in.x_forwarded_for<br>
> $3 = {elts = 0xa45b98, nelts = 1, size = 8, nalloc = 1, pool = 0xa44da0}<br>
> (gdb) p req->headers_in.x_forwarded_for .elts<br>
> $4 = (void *) 0xa45b98<br>
> (gdb) p req->headers_in.x_forwarded_for.elts<br>
> $5 = (void *) 0xa45b98<br>
> <br>
> What structure is this? Linked List? Why the elts point to garbage, when I<br>
> know the Loadbalancer added the X-Forwarded-for header with value.<br>
<br>
It's an array of type ngx_table_elt_t, the number of elements is<br>
in "nelts". Please see the handler for the $http_x_forwarded_for<br>
variable in the ngx_http_variables.c on how to work with it.<br>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
</blockquote></div></div>