Fix source IP address
This commit is contained in:
Manuel de Brito Fontes
parent
23af068e17
commit
0755231469
6 changed files with 22 additions and 89 deletions
|
|
@ -261,11 +261,6 @@ type Configuration struct {
|
|||
// https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_headers_hash_bucket_size
|
||||
ProxyHeadersHashBucketSize int `json:"proxy-headers-hash-bucket-size,omitempty"`
|
||||
|
||||
// RealClientFrom defines the trusted source of the client source IP address
|
||||
// The valid values are "auto", "http-proxy" and "tcp-proxy"
|
||||
// Default: auto
|
||||
RealClientFrom string `json:"real-client-from,omitempty"`
|
||||
|
||||
// Enables or disables emitting nginx version in error messages and in the “Server” response header field.
|
||||
// http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
|
||||
// Default: true
|
||||
|
|
@ -479,7 +474,6 @@ func NewDefault() Configuration {
|
|||
LimitConnZoneVariable: defaultLimitConnZoneVariable,
|
||||
BindAddressIpv4: defBindAddress,
|
||||
BindAddressIpv6: defBindAddress,
|
||||
RealClientFrom: "auto",
|
||||
ZipkinCollectorPort: 9411,
|
||||
ZipkinServiceName: "nginx",
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@ package template
|
|||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
|
|
@ -39,10 +38,6 @@ const (
|
|||
bindAddress = "bind-address"
|
||||
)
|
||||
|
||||
var (
|
||||
realClientRegex = regexp.MustCompile(`auto|http-proxy|tcp-proxy`)
|
||||
)
|
||||
|
||||
// ReadConfig obtains the configuration defined by the user merged with the defaults.
|
||||
func ReadConfig(src map[string]string) config.Configuration {
|
||||
conf := map[string]string{}
|
||||
|
|
@ -125,11 +120,6 @@ func ReadConfig(src map[string]string) config.Configuration {
|
|||
glog.Warningf("unexpected error merging defaults: %v", err)
|
||||
}
|
||||
|
||||
if !realClientRegex.MatchString(to.RealClientFrom) {
|
||||
glog.Warningf("unexpected value for RealClientFromSetting (%v). Using default \"auto\"", to.RealClientFrom)
|
||||
to.RealClientFrom = "auto"
|
||||
}
|
||||
|
||||
return to
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -152,8 +152,6 @@ var (
|
|||
},
|
||||
"isValidClientBodyBufferSize": isValidClientBodyBufferSize,
|
||||
"buildForwardedFor": buildForwardedFor,
|
||||
"trustHTTPHeaders": trustHTTPHeaders,
|
||||
"trustProxyProtocol": trustProxyProtocol,
|
||||
"buildAuthSignURL": buildAuthSignURL,
|
||||
}
|
||||
)
|
||||
|
|
@ -671,28 +669,6 @@ func buildForwardedFor(input interface{}) string {
|
|||
return fmt.Sprintf("$http_%v", ffh)
|
||||
}
|
||||
|
||||
func trustHTTPHeaders(input interface{}) bool {
|
||||
conf, ok := input.(config.TemplateConfig)
|
||||
if !ok {
|
||||
glog.Errorf("%v", input)
|
||||
return true
|
||||
}
|
||||
|
||||
return conf.Cfg.RealClientFrom == "http-proxy" ||
|
||||
(conf.Cfg.RealClientFrom == "auto" && !conf.Cfg.UseProxyProtocol)
|
||||
}
|
||||
|
||||
func trustProxyProtocol(input interface{}) bool {
|
||||
conf, ok := input.(config.TemplateConfig)
|
||||
if !ok {
|
||||
glog.Errorf("%v", input)
|
||||
return true
|
||||
}
|
||||
|
||||
return conf.Cfg.RealClientFrom == "tcp-proxy" ||
|
||||
(conf.Cfg.RealClientFrom == "auto" && conf.Cfg.UseProxyProtocol)
|
||||
}
|
||||
|
||||
func buildAuthSignURL(input interface{}) string {
|
||||
s, ok := input.(string)
|
||||
if !ok {
|
||||
|
|
@ -703,12 +679,12 @@ func buildAuthSignURL(input interface{}) string {
|
|||
u, _ := url.Parse(s)
|
||||
q := u.Query()
|
||||
if len(q) == 0 {
|
||||
return fmt.Sprintf("%v?rd=$request_uri", s)
|
||||
return fmt.Sprintf("%v?rd=$scheme://$http_host$request_uri", s)
|
||||
}
|
||||
|
||||
if q.Get("rd") != "" {
|
||||
return s
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%v&rd=$request_uri", s)
|
||||
return fmt.Sprintf("%v&rd=$scheme://$http_host$request_uri", s)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -359,8 +359,8 @@ func TestBuildAuthSignURL(t *testing.T) {
|
|||
cases := map[string]struct {
|
||||
Input, Output string
|
||||
}{
|
||||
"default url": {"http://google.com", "http://google.com?rd=$request_uri"},
|
||||
"with random field": {"http://google.com?cat=0", "http://google.com?cat=0&rd=$request_uri"},
|
||||
"default url": {"http://google.com", "http://google.com?rd=$scheme://$http_host$request_uri"},
|
||||
"with random field": {"http://google.com?cat=0", "http://google.com?cat=0&rd=$scheme://$http_host$request_uri"},
|
||||
"with rd field": {"http://google.com?cat&rd=$request", "http://google.com?cat&rd=$request"},
|
||||
}
|
||||
for k, tc := range cases {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue