[PATCH] Added $realip_add_x_forwarded_for

J Carter jordanc.carter at outlook.com
Sun May 14 06:47:21 UTC 2023


Re-sending with non-malformed patch...

# HG changeset patch
# User jordanc.carter at outlook.com
# Date 1684035158 -3600
#      Sun May 14 04:32:38 2023 +0100
# Node ID dad6e472ee0d97a738b117f6480987ef135c9e7f
# Parent  b71e69247483631bd8fc79a47cc32b762625b1fb
Added $realip_add_x_forwarded_for

Resolves Ticket #2127.

Duplicates the functionality of proxy_add_x_forwarded_for, except
the true source ip is appended and not the remote address extracted
by the real IP module.

In practise this is proxy_add_x_forwarded_for but $realip_remote_addr
is used and not $remote_addr.

This follows the same convention as $realip_remote_addr and
$real_ip_remote_port, in that it is a drop in replacement for
$proxy_add_x_forwarded_for that can be used in contexts that both do
and do not have the real_ip directives, with the same results.

An example configuration:

server {
    listen 80;
    real_ip_header X-Forwarded-For;
    set_real_ip_from 127.0.0.1;

    location / {
        proxy_set_header X-Forwarded-For $realip_add_x_forwarded_for;
        proxy_set_header Remote $remote_addr;
        proxy_pass http://127.0.0.1:8080;
    }
}

server {
    listen 8080;

    location / {
        add_header Echo-X-Forwarded_For $http_x_forwarded_for;
        add_header Remote $http_remote;
        return 200;
    }
}

test with:

curl -I --interface 127.0.0.1 -H "X-Forwarded-For: 10.0.0.1" localhost
curl -I --interface 127.0.0.2 -H "X-Forwarded-For: 10.0.0.1" localhost

diff --git a/src/http/modules/ngx_http_realip_module.c
b/src/http/modules/ngx_http_realip_module.c ---
a/src/http/modules/ngx_http_realip_module.c +++
b/src/http/modules/ngx_http_realip_module.c @@ -53,6 +53,8 @@
     ngx_http_variable_value_t *v, uintptr_t data);
 static ngx_int_t
ngx_http_realip_remote_port_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t
ngx_http_realip_add_x_forwarded_for_variable(ngx_http_request_t *r,
+    ngx_http_variable_value_t *v, uintptr_t data);
 
 
 static ngx_command_t  ngx_http_realip_commands[] = {
@@ -122,6 +124,9 @@
     { ngx_string("realip_remote_port"), NULL,
       ngx_http_realip_remote_port_variable, 0, 0, 0 },
 
+    { ngx_string("realip_add_x_forwarded_for"), NULL,
+      ngx_http_realip_add_x_forwarded_for_variable, 0, 0, 0 },
+
       ngx_http_null_variable
 };
 
@@ -619,3 +624,55 @@
 
     return NGX_OK;
 }
+
+
+static ngx_int_t
+ngx_http_realip_add_x_forwarded_for_variable(ngx_http_request_t *r,
+    ngx_http_variable_value_t *v, uintptr_t data)
+{
+    size_t                  len;
+    u_char                 *p;
+    ngx_str_t              *addr_text;
+    ngx_table_elt_t        *h, *xfwd;
+    ngx_http_realip_ctx_t  *ctx;
+
+    v->valid = 1;
+    v->no_cacheable = 0;
+    v->not_found = 0;
+
+    len = 0;
+
+    ctx = ngx_http_realip_get_module_ctx(r);
+    addr_text = ctx ? &ctx->addr_text : &r->connection->addr_text;
+
+    xfwd = r->headers_in.x_forwarded_for;
+
+    for (h = xfwd; h; h = h->next) {
+        len += h->value.len + sizeof(", ") - 1;
+    }
+
+    if (len == 0) {
+        v->len = addr_text->len;
+        v->data = addr_text->data;
+        return NGX_OK;
+    }
+
+    len += addr_text->len;
+
+    p = ngx_pnalloc(r->pool, len);
+    if (p == NULL) {
+        return NGX_ERROR;
+    }
+
+    v->len = len;
+    v->data = p;
+
+    for (h = xfwd; h; h = h->next) {
+        p = ngx_copy(p, h->value.data, h->value.len);
+        *p++ = ','; *p++ = ' ';
+    }
+
+    ngx_memcpy(p, addr_text->data, addr_text->len);
+
+    return NGX_OK;
+}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hgexport.patch
Type: application/octet-stream
Size: 3515 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20230514/643f5ea3/attachment.obj>


More information about the nginx-devel mailing list