nginx - get value of the header - x_forwarded_for in Nginx module (Naxsi)

Aaron Bedra aaron.bedra at gmail.com
Sun Jan 5 05:53:45 UTC 2020


The repsheet module does some of what you are looking for. You can look
at the XFF parsing at 
https://github.com/repsheet/repsheet-nginx/blob/master/ngx_http_repsheet_xff.c id="-x-evo-selection-start-marker">
On Mon, 2019-12-30 at 22:44 +0100, Marcin Kozlowski wrote:
> OK, this helped:
> 
> 
https://github.com/yakantosat/nginx-example/blob/master/ngx_hash_test.c
> 
> Thanks,
> 
> 
> 
> On Mon, Dec 30, 2019 at 4:47 PM Marcin Kozlowski <marcinguy at gmail.com
> > wrote:
> > I don't work with NGINX and modules and C daily. 
> > 
> > Still struggling with it. Feel free to contact me via the list or
> > to avoid spamming privately. Help will be greatly appreciated.
> > 
> > Trying to add whitelisting of IP to NAXSI
> > 
> > https://github.com/nbs-system/naxsi
> > 
> > 
> > 
> > How can I add simply one entry being IP to headers_ar?
> > 
> > 
> > 
> >   headers_ar = ngx_array_create(cf->pool, 1,
> > sizeof(ngx_hash_key_t));
> > 
> >   ngx_array_t *headers_ar_c;
> >   headers_ar_c = ngx_array_push(headers_ar);
> > 
> >   hash_init.key = &ngx_hash_key_lc;
> >   hash_init.pool = cf->pool;
> >   hash_init.temp_pool = NULL;
> >   hash_init.max_size  = 1024;
> >   hash_init.bucket_size = 512;
> > 
> > 
> >   dlc->passr_headers_hash =  (ngx_hash_t*) ngx_pcalloc(cf->pool,
> > sizeof(ngx_hash_t));
> >     hash_init.hash = dlc->passr_headers_hash;
> >     hash_init.name = "passr_headers_hash";
> > 
> >     if (ngx_hash_init(&hash_init, (ngx_hash_key_t*) headers_ar-
> > >elts,
> >                       headers_ar->nelts) != NGX_OK) {
> >       ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "$HEADERS hashtable
> > init failed"); /* LCOV_EXCL_LINE */
> >       return (NGX_ERROR); /* LCOV_EXCL_LINE */
> >     }
> > 
> >     else {
> >       NX_LOG_DEBUG(_debug_whitelist, NGX_LOG_EMERG, cf, 0,
> > "$HEADERS hashtable init successed %d !",
> >                          dlc->passr_headers_hash->size);
> >     }
> > 
> >  
> > 
> >   return (NGX_OK);
> > 
> > 
> > 
> > 
> > 
> > Later I have a function that looks for it in hash
> > 
> > Find in hash function:
> > 
> > ngx_http_pass_rule_t *
> > nx_find_pass_in_hash(
> >                 ngx_http_request_t *req,
> >                 ngx_str_t *mstr,
> >                 ngx_http_dummy_loc_conf_t *cf,
> >                 enum DUMMY_MATCH_ZONE zone)
> > {
> > ngx_http_pass_rule_t    *b = NULL;
> > 
> > ngx_uint_t   key;
> > 
> > ngx_str_t scratch = {.data = mstr->data, .len = mstr->len};
> > 
> > ngx_str_t k1 = ngx_string("key1");
> > key = ngx_hash_key(scratch.data, scratch.len);
> > 
> > b  = (ngx_http_pass_rule_t*)  ngx_hash_find(cf->passr_headers_hash, 
> > key, k1.data, k1.len);
> > if (b == NULL) {
> >     /* key not found */
> >   NX_DEBUG(_debug_custom_score,           NGX_LOG_DEBUG_HTTP, req-
> > >connection->log, 0,
> >                 "find hash 1");
> > 
> > }else{
> >  NX_DEBUG(_debug_custom_score,           NGX_LOG_DEBUG_HTTP, req-
> > >connection->log, 0,
> >                 "find hash 2");
> > 
> > 
> > }
> > 
> > return b;
> > 
> > }
> > Thanks,
> > 
> > 
> > 
> > 
> > On Sun, Dec 29, 2019 at 3:27 AM Hung Nguyen <
> > hungnv at opensource.com.vn> wrote:
> > > Hello, 
> > > I suggest you to read nginx development guide which is available
> > > on nginx.org. 
> > > 
> > > About getting x forward for headers, if you take a look at some
> > > built in module there’s already exist implementation which takes
> > > the headers and returns an array.
> > > 
> > > --Hưng
> > > > On Dec 29, 2019, at 03:49, Robert Paprocki <
> > > > rpaprocki at fearnothingproductions.net> wrote:
> > > > 
> > > > The array has 0 nelts because you haven’t added anything to
> > > > do. nelts is the number of elements in the array, not the size
> > > > of the array. 
> > > > Add an element to the array with ngx_array_push(). 
> > > > 
> > > > > On Dec 28, 2019, at 11:35, Marcin Kozlowski <
> > > > > marcinguy at gmail.com> wrote:
> > > > > 
> > > > > Still have few questions. Help would be great
> > > > > 
> > > > > Beginner in writing NGINX modules
> > > > > 
> > > > > Have this question
> > > > > 
> > > > > 1) How do I create array, add element to it and than create a
> > > > > hashtable from it.
> > > > > 
> > > > > Below I try to achieve it:
> > > > > 
> > > > > NX_LOG_DEBUG(_debug_whitelist_heavy,
> > > > > NGX_LOG_EMERG, cf, 0,
> > > > >                "finalizing hashtables array %i",  dlc-
> > > > > >pass_rules->nelts);
> > > > > 
> > > > > headers_ar = ngx_array_create(cf->pool, dlc->pass_rules-
> > > > > >nelts, sizeof(ngx_hash_key_t));
> > > > > 
> > > > > 
> > > > > 
> > > > > if (headers_ar) {
> > > > >     NX_LOG_DEBUG(_debug_readconf,  NGX_LOG_EMERG, cf, 0,
> > > > >                "headers array %i",headers_ar->nelts);
> > > > > 
> > > > > 2) Why headers_ar has 0 elemets
> > > > > 
> > > > > nginx: [emerg] finalizing hashtables array 6 in
> > > > > /etc/nginx/nginx.conf:124
> > > > > nginx: [emerg] headers array 0 in /etc/nginx/nginx.conf:124
> > > > > 
> > > > > 
> > > > > 
> > > > > 3) I later want to build hashtable based on this array:
> > > > > 
> > > > >     dlc->passr_headers_hash =  (ngx_hash_t*) ngx_pcalloc(cf-
> > > > > >pool, sizeof(ngx_hash_t));
> > > > >     hash_init.hash = dlc->passr_headers_hash;
> > > > >     hash_init.name = "passr_headers_hash";
> > > > > 
> > > > > 
> > > > > 
> > > > >     if (ngx_hash_init(&hash_init, (ngx_hash_key_t*)
> > > > > headers_ar->elts,
> > > > >                       headers_ar->nelts) != NGX_OK) {
> > > > >       ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "$HEADERS
> > > > > hashtable init failed"); /* LCOV_EXCL_LINE */
> > > > >       return (NGX_ERROR); /* LCOV_EXCL_LINE */
> > > > >     }
> > > > > 
> > > > >     else {
> > > > >       NX_LOG_DEBUG(_debug_whitelist, NGX_LOG_EMERG, cf, 0,
> > > > > "$HEADERS hashtable init successed %d !",
> > > > >                          dlc->passr_headers_hash->size);
> > > > >     }
> > > > > 
> > > > > 
> > > > > 
> > > > > 4) Can somebody post simple code that
> > > > > 
> > > > > a) creates array
> > > > > b) pushes one IP
> > > > > c) create hashtable from it
> > > > > 
> > > > > Thanks,
> > > > > 
> > > > > 
> > > > > 
> > > > > On Sat, Dec 28, 2019 at 3:36 PM Marcin Kozlowski <
> > > > > marcinguy at gmail.com> wrote:
> > > > > > Ignore my last post.
> > > > > > 
> > > > > > My error.
> > > > > > 
> > > > > > Thanks,
> > > > > > 
> > > > > > On Fri, Dec 27, 2019 at 11:42 PM Marcin Kozlowski <
> > > > > > marcinguy at gmail.com> wrote:
> > > > > > > Thanks. Almost got my modifications to NAXSI ready.
> > > > > > > 
> > > > > > > But currently have a blocker with getting just the X-
> > > > > > > Forwarded-for IP
> > > > > > > 
> > > > > > > The code below:
> > > > > > > 
> > > > > > > ngx_uint_t n;
> > > > > > > ngx_table_elt_t **h;
> > > > > > > 
> > > > > > > ngx_array_t a;
> > > > > > > 
> > > > > > > a = req->headers_in.x_forwarded_for;
> > > > > > > 
> > > > > > > n = a.nelts;
> > > > > > > 
> > > > > > > h = a.elts;
> > > > > > >  
> > > > > > >  
> > > > > > > 
> > > > > > > for (i = 0; i<n; i++) {
> > > > > > >   
> > > > > > > ngx_log_error(NGX_LOG_ERR, req->connection->log,
> > > > > > > 
> > > > > > >               0, "x_forwarded_for: %s", h[i]-
> > > > > > > >value.data);
> > > > > > > }
> > > > > > > 
> > > > > > > 
> > > > > > > gets a String with several IP (i.e client, server,
> > > > > > > request etc)
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > Tried to parse the string using strtok(), interating
> > > > > > > through it .... but it segfaults. I guess I am missing
> > > > > > > some NGINX module knowledge.
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > How to properly get first string up to first "," from
> > > > > > > the  h[i]->value.data using NGINX functions/types or
> > > > > > > other correct way to do it.
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > Thanks,
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > On Wed, Dec 25, 2019 at 12:17 PM Ruslan Ermilov <
> > > > > > > ru at nginx.com> wrote:
> > > > > > > > On Tue, Dec 24, 2019 at 08:00:26PM +0100, Marcin
> > > > > > > > Kozlowski wrote:
> > > > > > > > 
> > > > > > > > > Thanks.
> > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > > Works. For the reference, this is the code I used:
> > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > >   ngx_uint_t n;
> > > > > > > > 
> > > > > > > > >   ngx_table_elt_t **h;
> > > > > > > > 
> > > > > > > > >   ngx_array_t a;
> > > > > > > > 
> > > > > > > > >   a = req->headers_in.x_forwarded_for;
> > > > > > > > 
> > > > > > > > >   n = a.nelts;
> > > > > > > > 
> > > > > > > > >   h = a.elts;
> > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > >   for (i = 0; i<n; i++) {
> > > > > > > > 
> > > > > > > > >     ngx_log_error(NGX_LOG_ERR, req->connection->log,
> > > > > > > > 
> > > > > > > > >               0, "x_forwarded_for: %s", h[i]-
> > > > > > > > >value.data);
> > > > > > > > 
> > > > > > > > >   }
> > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > > BTW What would be the best practice in NGINX NASIX
> > > > > > > > module or any other
> > > > > > > > 
> > > > > > > > > module to load a file with hundreds entries of IPs
> > > > > > > > (hashmap, or what
> > > > > > > > 
> > > > > > > > > structure would be best?) which should be whitelisted
> > > > > > > > later for comparison
> > > > > > > > 
> > > > > > > > > in NASIX module logic. Those IP should never be
> > > > > > > > blocked by NAXSI.
> > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > > When should I load this file in memory, in which
> > > > > > > > component
> > > > > > > > 
> > > > > > > > > /module/function/step?
> > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > > Links to some guides/sample code would be also
> > > > > > > > appreciated.
> > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > > Thanks,
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > http://nginx.org/en/docs/http/ngx_http_geo_module.html
> > > > > > > > 
> > > > > > > > _______________________________________________
> > > > > > > > 
> > > > > > > > nginx-devel mailing list
> > > > > > > > 
> > > > > > > > nginx-devel at nginx.org
> > > > > > > > 
> > > > > > > > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> > > > > > > > 
> > > > > 
> > > > > _______________________________________________
> > > > > nginx-devel mailing list
> > > > > nginx-devel at nginx.org
> > > > > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> > > > 
> > > > _______________________________________________
> > > > nginx-devel mailing list
> > > > nginx-devel at nginx.org
> > > > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> > > 
> > > _______________________________________________
> > > 
> > > nginx-devel mailing list
> > > 
> > > nginx-devel at nginx.org
> > > 
> > > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> 
> _______________________________________________nginx-devel mailing
> listnginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20200104/68f5b222/attachment.htm>


More information about the nginx-devel mailing list