Mailman with nginx and thttpd

Igor Sysoev igor at sysoev.ru
Tue Oct 26 22:05:16 MSD 2010


On Tue, Oct 26, 2010 at 11:02:34AM -0700, David Newman wrote:

> On 10/26/10 10:38 AM, Igor Sysoev wrote:
> > On Tue, Oct 26, 2010 at 10:32:47AM -0700, David Newman wrote:
> > 
> >> On 10/25/10 9:46 PM, Igor Sysoev wrote:
> >>
> >>> nginx.org runs Mailman's CGI using mini_httpd. This is a simple server by
> >>> the same author as thttpd. I have also patched mini_httpd to support
> >>> X-Real-IP header. 
> >>
> >> Thanks for the responses.
> >>
> >> Is this the mini_httpd patch:
> >>
> >> http://www.lexa.ru/nginx-ru/msg29854.html
> >>
> >> If not, what changes are needed to mini_httpd?
> > 
> > Yes, it is this patch. If you have problems with applying I can sent
> > it as attachment.
> 
> Thanks -- please do. I'm having trouble with line wraps when cutting and
> pasting from that email, and an attempt to patch manually failed (as it
> should -- that's always a bad idea).

Here is the patch.


-- 
Igor Sysoev
http://sysoev.ru/en/
-------------- next part --------------
--- mini_httpd.c	2009-11-20 12:10:55.000000000 +0300
+++ mini_httpd.c	2009-11-20 12:13:59.000000000 +0300
@@ -186,6 +186,7 @@
 static char* pidfile;
 static char* charset;
 static char* p3p;
+static char* xrealip;
 static int max_age;
 static FILE* logfp;
 static int listen4_fd, listen6_fd;
@@ -226,6 +227,7 @@
 static time_t if_modified_since;
 static char* referer;
 static char* useragent;
+static char* remote_addr;
 
 static char* remoteuser;
 
@@ -332,6 +334,7 @@
     local_pattern = (char*) 0;
     charset = DEFAULT_CHARSET;
     p3p = (char*) 0;
+    xrealip = (char*) 0;
     max_age = -1;
     user = DEFAULT_USER;
     hostname = (char*) 0;
@@ -426,6 +429,11 @@
 	    ++argn;
 	    p3p = argv[argn];
 	    }
+	else if ( strcmp( argv[argn], "-X" ) == 0 && argn + 1 < argc )
+	    {
+	    ++argn;
+	    xrealip = argv[argn];
+	    }
 	else if ( strcmp( argv[argn], "-M" ) == 0 && argn + 1 < argc )
 	    {
 	    ++argn;
@@ -990,6 +998,11 @@
 		value_required( name, value );
 		p3p = e_strdup( value );
 		}
+	    else if ( strcasecmp( name, "xrealip" ) == 0 )
+		{
+		value_required( name, value );
+		xrealip = e_strdup( value );
+		}
 	    else if ( strcasecmp( name, "max_age" ) == 0 )
 		{
 		value_required( name, value );
@@ -1159,6 +1172,7 @@
     if_modified_since = (time_t) -1;
     referer = "";
     useragent = "";
+    remote_addr = ntoa( &client_addr );
 
 #ifdef TCP_NOPUSH
     /* Set the TCP_NOPUSH socket option, to try and avoid the 0.2 second
@@ -1276,6 +1290,15 @@
 	    cp += strspn( cp, " \t" );
 	    useragent = cp;
 	    }
+	else if ( strncasecmp( line, "X-Real-IP:", 10 ) == 0 )
+	    {
+	    if ( strcmp(remote_addr, xrealip ) == 0 )
+	  	{
+		cp = &line[10];
+		cp += strspn( cp, " \t" );
+		remote_addr = cp;
+		}
+	    }
 	}
 
     if ( strcasecmp( method_str, get_method_str( METHOD_GET ) ) == 0 )
@@ -1471,7 +1494,7 @@
 	{
 	syslog(
 	    LOG_NOTICE, "%.80s URL \"%.80s\" tried to retrieve an auth file",
-	    ntoa( &client_addr ), path );
+	    remote_addr, path );
 	send_error( 403, "Forbidden", "", "File is protected." );
 	}
 
@@ -1492,7 +1515,7 @@
 	{
 	syslog(
 	    LOG_INFO, "%.80s File \"%.80s\" is protected",
-	    ntoa( &client_addr ), path );
+	    remote_addr, path );
 	send_error( 403, "Forbidden", "", "File is protected." );
 	}
     mime_type = figure_mime( file, mime_encodings, sizeof(mime_encodings) );
@@ -1569,7 +1592,7 @@
 	{
 	syslog(
 	    LOG_INFO, "%.80s Directory \"%.80s\" is protected",
-	    ntoa( &client_addr ), path );
+	    remote_addr, path );
 	send_error( 403, "Forbidden", "", "Directory is protected." );
 	}
 #endif /* HAVE_SCANDIR */
@@ -2143,7 +2166,7 @@
 	}
     if ( query[0] != '\0' )
 	envp[envn++] = build_env( "QUERY_STRING=%s", query );
-    envp[envn++] = build_env( "REMOTE_ADDR=%s", ntoa( &client_addr ) );
+    envp[envn++] = build_env( "REMOTE_ADDR=%s", remote_addr );
     if ( referer[0] != '\0' )
 	envp[envn++] = build_env( "HTTP_REFERER=%s", referer );
     if ( useragent[0] != '\0' )
@@ -2255,7 +2278,7 @@
 	/* The file exists but we can't open it?  Disallow access. */
 	syslog(
 	    LOG_ERR, "%.80s auth file %.80s could not be opened - %m",
-	    ntoa( &client_addr ), authpath );
+	    remote_addr, authpath );
 	send_error( 403, "Forbidden", "", "File is protected." );
 	}
 
@@ -2759,7 +2782,7 @@
     /* And write the log entry. */
     (void) fprintf( logfp,
 	"%.80s - %.80s [%s] \"%.80s %.200s %.80s\" %d %s \"%.200s\" \"%.200s\"\n",
-	ntoa( &client_addr ), ru, date, get_method_str( method ), url,
+	remote_addr, ru, date, get_method_str( method ), url,
 	protocol, status, bytes_str, referer, useragent );
     (void) fflush( logfp );
     }
@@ -2790,7 +2813,7 @@
 	cp = "";
     syslog(
 	LOG_INFO, "%.80s non-local referer \"%.80s%.80s\" \"%.80s\"",
-	ntoa( &client_addr ), cp, path, referer );
+	remote_addr, cp, path, referer );
     send_error( 403, "Forbidden", "", "You must supply a local referer." );
     }
 
@@ -3128,7 +3151,7 @@
 static void
 handle_read_timeout( int sig )
     {
-    syslog( LOG_INFO, "%.80s connection timed out reading", ntoa( &client_addr ) );
+    syslog( LOG_INFO, "%.80s connection timed out reading", remote_addr );
     send_error(
 	408, "Request Timeout", "",
 	"No request appeared within a reasonable time period." );
@@ -3138,7 +3161,7 @@
 static void
 handle_write_timeout( int sig )
     {
-    syslog( LOG_INFO, "%.80s connection timed out writing", ntoa( &client_addr ) );
+    syslog( LOG_INFO, "%.80s connection timed out writing", remote_addr );
     exit( 1 );
     }
 
--- mini_httpd.8	2009-11-20 12:10:55.000000000 +0300
+++ mini_httpd.8	2009-11-20 11:30:58.000000000 +0300
@@ -27,6 +27,8 @@
 .IR charset ]
 .RB [ -P
 .IR P3P ]
+.RB [ -X
+.IR address ]
 .RB [ -M
 .IR maxage ]
 .RB [ -S ]
@@ -163,6 +165,11 @@
 P3P: response header.
 The config-file option name for this flag is "p3p".
 .TP
+.B -X
+Specifies an address of a proxy server allowed to override a client address
+with "X-Real-IP" header.
+The config-file option name for this flag is "xrealip".
+.TP
 .B -M
 Specifies the number of seconds to be used in a "Cache-Control: max-age"
 header to be returned with all responses.


More information about the nginx mailing list