nginx - get value of the header - x_forwarded_for in Nginx module (Naxsi)

Robert Paprocki rpaprocki at fearnothingproductions.net
Sat Dec 28 20:48:52 UTC 2019


The array has 0 nelts because you haven’t added anything to do. nelts is the number of elements in the array, not the size of the array. 

Add an element to the array with ngx_array_push(). 

> On Dec 28, 2019, at 11:35, Marcin Kozlowski <marcinguy at gmail.com> wrote:
> 
> 
> Still have few questions. Help would be great
> 
> Beginner in writing NGINX modules
> 
> Have this question
> 
> 1) How do I create array, add element to it and than create a hashtable from it.
> 
> Below I try to achieve it:
> 
> NX_LOG_DEBUG(_debug_whitelist_heavy,
> NGX_LOG_EMERG, cf, 0,
>                "finalizing hashtables array %i",  dlc->pass_rules->nelts);
> 
> headers_ar = ngx_array_create(cf->pool, dlc->pass_rules->nelts, sizeof(ngx_hash_key_t));
> 
> 
> 
> if (headers_ar) {
>     NX_LOG_DEBUG(_debug_readconf,  NGX_LOG_EMERG, cf, 0,
>                "headers array %i",headers_ar->nelts);
> 
> 2) Why headers_ar has 0 elemets
> 
> nginx: [emerg] finalizing hashtables array 6 in /etc/nginx/nginx.conf:124
> nginx: [emerg] headers array 0 in /etc/nginx/nginx.conf:124
> 
> 
> 
> 3) I later want to build hashtable based on this array:
> 
>     dlc->passr_headers_hash =  (ngx_hash_t*) ngx_pcalloc(cf->pool, sizeof(ngx_hash_t));
>     hash_init.hash = dlc->passr_headers_hash;
>     hash_init.name = "passr_headers_hash";
> 
> 
> 
>     if (ngx_hash_init(&hash_init, (ngx_hash_key_t*) headers_ar->elts,
>                       headers_ar->nelts) != NGX_OK) {
>       ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "$HEADERS hashtable init failed"); /* LCOV_EXCL_LINE */
>       return (NGX_ERROR); /* LCOV_EXCL_LINE */
>     }
> 
>     else {
>       NX_LOG_DEBUG(_debug_whitelist, NGX_LOG_EMERG, cf, 0, "$HEADERS hashtable init successed %d !",
>                          dlc->passr_headers_hash->size);
>     }
> 
> 
> 
> 4) Can somebody post simple code that
> 
> a) creates array
> b) pushes one IP
> c) create hashtable from it
> 
> Thanks,
> 
> 
>> On Sat, Dec 28, 2019 at 3:36 PM Marcin Kozlowski <marcinguy at gmail.com> wrote:
>> Ignore my last post.
>> 
>> My error.
>> 
>> Thanks,
>> 
>>> On Fri, Dec 27, 2019 at 11:42 PM Marcin Kozlowski <marcinguy at gmail.com> wrote:
>>> Thanks. Almost got my modifications to NAXSI ready.
>>> 
>>> But currently have a blocker with getting just the X-Forwarded-for IP
>>> 
>>> The code below:
>>> 
>>> ngx_uint_t n;
>>> ngx_table_elt_t **h;
>>> ngx_array_t a;
>>> a = req->headers_in.x_forwarded_for;
>>> n = a.nelts;
>>> h = a.elts;
>>>  
>>>   
>>> for (i = 0; i<n; i++) {
>>>    ngx_log_error(NGX_LOG_ERR, req->connection->log,
>>>               0, "x_forwarded_for: %s", h[i]->value.data);
>>> }
>>> 
>>> gets a String with several IP (i.e client, server, request etc)
>>> 
>>> Tried to parse the string using strtok(), interating through it .... but it segfaults. I guess I am missing some NGINX module knowledge.
>>> 
>>> How to properly get first string up to first "," from the h[i]->value.data using NGINX functions/types or other correct way to do it.
>>> 
>>> Thanks,
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On Wed, Dec 25, 2019 at 12:17 PM Ruslan Ermilov <ru at nginx.com> wrote:
>>>> On Tue, Dec 24, 2019 at 08:00:26PM +0100, Marcin Kozlowski wrote:
>>>> > Thanks.
>>>> > 
>>>> > Works. For the reference, this is the code I used:
>>>> > 
>>>> >   ngx_uint_t n;
>>>> >   ngx_table_elt_t **h;
>>>> >   ngx_array_t a;
>>>> >   a = req->headers_in.x_forwarded_for;
>>>> >   n = a.nelts;
>>>> >   h = a.elts;
>>>> > 
>>>> > 
>>>> >   for (i = 0; i<n; i++) {
>>>> >     ngx_log_error(NGX_LOG_ERR, req->connection->log,
>>>> >               0, "x_forwarded_for: %s", h[i]->value.data);
>>>> >   }
>>>> > 
>>>> > BTW What would be the best practice in NGINX NASIX module or any other
>>>> > module to load a file with hundreds entries of IPs (hashmap, or what
>>>> > structure would be best?) which should be whitelisted later for comparison
>>>> > in NASIX module logic. Those IP should never be blocked by NAXSI.
>>>> > 
>>>> > When should I load this file in memory, in which component
>>>> > /module/function/step?
>>>> > 
>>>> > Links to some guides/sample code would be also appreciated.
>>>> > 
>>>> > Thanks,
>>>> 
>>>> http://nginx.org/en/docs/http/ngx_http_geo_module.html
>>>> _______________________________________________
>>>> nginx-devel mailing list
>>>> nginx-devel at nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20191228/24ea5cbf/attachment-0001.htm>


More information about the nginx-devel mailing list