[PATCH]add proxy_protocol_port variable for rfc6302
junpei yoshino
junpei.yoshino at gmail.com
Mon Apr 4 17:12:21 UTC 2016
Hi
Thank you for your information and for reading my code.
I took a mistake.
You are right.
Forwarded header is good.
I rewrite patch.
which is better way ?
1.
"real_ip_from Forwarded" replace remote_addr and remote_port.
And proxy_protocol also replace remote_addr and remote_port, too.
2.
"real_port_from Forwarded" replace port only.
ip and port is independent.
Also proxy protocol must configure real_ip_from and real_port_from.
3.
At first, not care Forwarded header.
delete code related x-forwarded-port.
support only custom http header including port number.
4. another way
Best Regards,
Junpei Yoshino
On Tue, Apr 5, 2016 at 12:30 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!
>
> On Sat, Apr 02, 2016 at 10:48:42PM +0900, junpei yoshino wrote:
>
>> Hi
>>
>> I wrote additional patch.
>> support port information in realip module.
>>
>> if you use "real_port_header X-Forwarded-Port;"
>> or "real_port_header proxy_protocol;",
>> $remote_port and $realip_remote_port are replaced.
>
> I don't think that X-Forwarded-Port is a good idea:
>
> - where seen, it's used for other purposes - to indicate _server_
> port of a load balancer, not client port;
>
> - it should be easily possible to use the same header to pass to
> both addresses and ports; this is how it is defined in RFC
> 7239 for the Forwarded header, and we can use something similar at
> least for custom headers.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
--
junpei.yoshino at gmail.com
More information about the nginx-devel
mailing list