[PATCH] Added $realip_add_x_forwarded_for
J Carter
jordanc.carter at outlook.com
Sun May 14 03:51:58 UTC 2023
# HG changeset patch
# User jordanc.carter at outlook.com
# Date 1684035158 -3600
# Sun May 14 04:32:38 2023 +0100
# Node ID dad6e472ee0d97a738b117f6480987ef135c9e7f
# Parent b71e69247483631bd8fc79a47cc32b762625b1fb
Added $realip_add_x_forwarded_for
Resolves Ticket #2127.
Duplicates the functionality of proxy_add_x_forwarded_for, except
the true source ip is appended and not the remote address extracted
by the real IP module.
In practice this is proxy_add_x_forwarded_for but $realip_remote_addr
is used and not $remote_addr.
This follows the same convention as $realip_remote_addr and
$real_ip_remote_port, in that it is a drop in replacement for
$proxy_add_x_forwarded_for that can be used in contexts that both do
and do not have the real_ip directives, with the same results.
An example configuration:
server {
listen 80;
real_ip_header X-Forwarded-For;
set_real_ip_from 127.0.0.1;
location / {
proxy_set_header X-Forwarded-For $realip_add_x_forwarded_for;
proxy_set_header Remote $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}
server {
listen 8080;
add_header Echo-X-Forwarded_For $http_x_forwarded_for;
add_header Echo-Remote $http_remote;
return 200;
}
test with:
curl -I --interface 127.0.0.1 -H "X-Forwarded-For: 10.0.0.1" localhost
curl -I --interface 127.0.0.2 -H "X-Forwarded-For: 10.0.0.1" localhost
diff --git a/src/http/modules/ngx_http_realip_module.c
b/src/http/modules/ngx_http_realip_module.c ---
a/src/http/modules/ngx_http_realip_module.c +++
b/src/http/modules/ngx_http_realip_module.c @@ -53,6 +53,8 @@
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t
ngx_http_realip_remote_port_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t
ngx_http_realip_add_x_forwarded_for_variable(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
static ngx_command_t ngx_http_realip_commands[] = {
@@ -122,6 +124,9 @@
{ ngx_string("realip_remote_port"), NULL,
ngx_http_realip_remote_port_variable, 0, 0, 0 },
+ { ngx_string("realip_add_x_forwarded_for"), NULL,
+ ngx_http_realip_add_x_forwarded_for_variable, 0, 0, 0 },
+
ngx_http_null_variable
};
@@ -619,3 +624,55 @@
return NGX_OK;
}
+
+
+static ngx_int_t
+ngx_http_realip_add_x_forwarded_for_variable(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data)
+{
+ size_t len;
+ u_char *p;
+ ngx_str_t *addr_text;
+ ngx_table_elt_t *h, *xfwd;
+ ngx_http_realip_ctx_t *ctx;
+
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+
+ len = 0;
+
+ ctx = ngx_http_realip_get_module_ctx(r);
+ addr_text = ctx ? &ctx->addr_text : &r->connection->addr_text;
+
+ xfwd = r->headers_in.x_forwarded_for;
+
+ for (h = xfwd; h; h = h->next) {
+ len += h->value.len + sizeof(", ") - 1;
+ }
+
+ if (len == 0) {
+ v->len = addr_text->len;
+ v->data = addr_text->data;
+ return NGX_OK;
+ }
+
+ len += addr_text->len;
+
+ p = ngx_pnalloc(r->pool, len);
+ if (p == NULL) {
+ return NGX_ERROR;
+ }
+
+ v->len = len;
+ v->data = p;
+
+ for (h = xfwd; h; h = h->next) {
+ p = ngx_copy(p, h->value.data, h->value.len);
+ *p++ = ','; *p++ = ' ';
+ }
+
+ ngx_memcpy(p, addr_text->data, addr_text->len);
+
+ return NGX_OK;
+}
More information about the nginx-devel
mailing list