nginx - get value of the header - x_forwarded_for in Nginx module (Naxsi)

Hung Nguyen hungnv at opensource.com.vn
Sun Dec 29 02:27:02 UTC 2019


Hello, 

I suggest you to read nginx development guide which is available on nginx.org. 

About getting x forward for headers, if you take a look at some built in module there’s already exist implementation which takes the headers and returns an array.

--
Hưng

> On Dec 29, 2019, at 03:49, Robert Paprocki <rpaprocki at fearnothingproductions.net> wrote:
> 
> The array has 0 nelts because you haven’t added anything to do. nelts is the number of elements in the array, not the size of the array. 
> 
> Add an element to the array with ngx_array_push(). 
> 
>>> On Dec 28, 2019, at 11:35, Marcin Kozlowski <marcinguy at gmail.com> wrote:
>>> 
>> 
>> Still have few questions. Help would be great
>> 
>> Beginner in writing NGINX modules
>> 
>> Have this question
>> 
>> 1) How do I create array, add element to it and than create a hashtable from it.
>> 
>> Below I try to achieve it:
>> 
>> NX_LOG_DEBUG(_debug_whitelist_heavy,
>> NGX_LOG_EMERG, cf, 0,
>>                "finalizing hashtables array %i",  dlc->pass_rules->nelts);
>> 
>> headers_ar = ngx_array_create(cf->pool, dlc->pass_rules->nelts, sizeof(ngx_hash_key_t));
>> 
>> 
>> 
>> if (headers_ar) {
>>     NX_LOG_DEBUG(_debug_readconf,  NGX_LOG_EMERG, cf, 0,
>>                "headers array %i",headers_ar->nelts);
>> 
>> 2) Why headers_ar has 0 elemets
>> 
>> nginx: [emerg] finalizing hashtables array 6 in /etc/nginx/nginx.conf:124
>> nginx: [emerg] headers array 0 in /etc/nginx/nginx.conf:124
>> 
>> 
>> 
>> 3) I later want to build hashtable based on this array:
>> 
>>     dlc->passr_headers_hash =  (ngx_hash_t*) ngx_pcalloc(cf->pool, sizeof(ngx_hash_t));
>>     hash_init.hash = dlc->passr_headers_hash;
>>     hash_init.name = "passr_headers_hash";
>> 
>> 
>> 
>>     if (ngx_hash_init(&hash_init, (ngx_hash_key_t*) headers_ar->elts,
>>                       headers_ar->nelts) != NGX_OK) {
>>       ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "$HEADERS hashtable init failed"); /* LCOV_EXCL_LINE */
>>       return (NGX_ERROR); /* LCOV_EXCL_LINE */
>>     }
>> 
>>     else {
>>       NX_LOG_DEBUG(_debug_whitelist, NGX_LOG_EMERG, cf, 0, "$HEADERS hashtable init successed %d !",
>>                          dlc->passr_headers_hash->size);
>>     }
>> 
>> 
>> 
>> 4) Can somebody post simple code that
>> 
>> a) creates array
>> b) pushes one IP
>> c) create hashtable from it
>> 
>> Thanks,
>> 
>> 
>>> On Sat, Dec 28, 2019 at 3:36 PM Marcin Kozlowski <marcinguy at gmail.com> wrote:
>>> Ignore my last post.
>>> 
>>> My error.
>>> 
>>> Thanks,
>>> 
>>>> On Fri, Dec 27, 2019 at 11:42 PM Marcin Kozlowski <marcinguy at gmail.com> wrote:
>>>> Thanks. Almost got my modifications to NAXSI ready.
>>>> 
>>>> But currently have a blocker with getting just the X-Forwarded-for IP
>>>> 
>>>> The code below:
>>>> 
>>>> ngx_uint_t n;
>>>> ngx_table_elt_t **h;
>>>> ngx_array_t a;
>>>> a = req->headers_in.x_forwarded_for;
>>>> n = a.nelts;
>>>> h = a.elts;
>>>>  
>>>>   
>>>> for (i = 0; i<n; i++) {
>>>>    ngx_log_error(NGX_LOG_ERR, req->connection->log,
>>>>               0, "x_forwarded_for: %s", h[i]->value.data);
>>>> }
>>>> 
>>>> gets a String with several IP (i.e client, server, request etc)
>>>> 
>>>> Tried to parse the string using strtok(), interating through it .... but it segfaults. I guess I am missing some NGINX module knowledge.
>>>> 
>>>> How to properly get first string up to first "," from the h[i]->value.data using NGINX functions/types or other correct way to do it.
>>>> 
>>>> Thanks,
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On Wed, Dec 25, 2019 at 12:17 PM Ruslan Ermilov <ru at nginx.com> wrote:
>>>>> On Tue, Dec 24, 2019 at 08:00:26PM +0100, Marcin Kozlowski wrote:
>>>>> > Thanks.
>>>>> > 
>>>>> > Works. For the reference, this is the code I used:
>>>>> > 
>>>>> >   ngx_uint_t n;
>>>>> >   ngx_table_elt_t **h;
>>>>> >   ngx_array_t a;
>>>>> >   a = req->headers_in.x_forwarded_for;
>>>>> >   n = a.nelts;
>>>>> >   h = a.elts;
>>>>> > 
>>>>> > 
>>>>> >   for (i = 0; i<n; i++) {
>>>>> >     ngx_log_error(NGX_LOG_ERR, req->connection->log,
>>>>> >               0, "x_forwarded_for: %s", h[i]->value.data);
>>>>> >   }
>>>>> > 
>>>>> > BTW What would be the best practice in NGINX NASIX module or any other
>>>>> > module to load a file with hundreds entries of IPs (hashmap, or what
>>>>> > structure would be best?) which should be whitelisted later for comparison
>>>>> > in NASIX module logic. Those IP should never be blocked by NAXSI.
>>>>> > 
>>>>> > When should I load this file in memory, in which component
>>>>> > /module/function/step?
>>>>> > 
>>>>> > Links to some guides/sample code would be also appreciated.
>>>>> > 
>>>>> > Thanks,
>>>>> 
>>>>> http://nginx.org/en/docs/http/ngx_http_geo_module.html
>>>>> _______________________________________________
>>>>> nginx-devel mailing list
>>>>> nginx-devel at nginx.org
>>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20191229/8565b715/attachment.htm>


More information about the nginx-devel mailing list