custom real ip header

alttch · Nov 11, 2021 · dd14028 · dd14028
1 parent 176b507
commit dd14028
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 4 deletions.
diff --git a/doc/install.rst b/doc/install.rst
@@ -679,6 +679,8 @@ Using NGINX as a frontend for SFA interface
     *X-Real-IP* header and set *webapi/x-real-ip: true* option in
     *config/sfa/main* :doc:`registry</registry>` key.
 
+    To override the header name, use the field *webapi/real-ip-header*.
+
 External authentication
 -----------------------
 

diff --git a/lib/eva/api.py b/lib/eva/api.py
@@ -72,7 +72,8 @@
                          session_no_prolong=False,
                          thread_pool=15,
                          ei_enabled=True,
-                         use_x_real_ip=False)
+                         use_x_real_ip=False,
+                         real_ip_header='X-Real-IP')
 
 api_result_accepted = 2
 
@@ -550,6 +551,8 @@ def update_config(cfg):
     config.ei_enabled = cfg.get('webapi/ei-enabled', default=True)
     logging.debug(f'webapi.ei_enabled = {config.ei_enabled}')
     config.use_x_real_ip = cfg.get('webapi/x-real-ip', default=False)
+    config.real_ip_header = cfg.get('webapi/real-ip-header',
+                                    default='X-Real-IP')
     logging.debug(f'webapi.x_real_ip = {config.use_x_real_ip}')
     return True
 
@@ -656,9 +659,12 @@ def http_real_ip(get_gw=False, ip_only=False):
         gw = get_aci('gw')
         if gw:
             return None if ip_only else 'gateway/' + gw
-    if config.use_x_real_ip and 'X-Real-IP' in cherrypy.request.headers and \
-            cherrypy.request.headers['X-Real-IP']!='':
-        ip = cherrypy.request.headers['X-Real-IP']
+    if config.use_x_real_ip:
+        real_ip = cherrypy.request.headers.get(config.real_ip_header)
+        if real_ip:
+            ip = real_ip
+        else:
+            ip = cherrypy.request.remote.ip
     else:
         ip = cherrypy.request.remote.ip
     return ip

diff --git a/lib/eva/registry/defaults/config/lm/main.yml b/lib/eva/registry/defaults/config/lm/main.yml
@@ -128,6 +128,8 @@ webapi:
   #ei-enabled: false
   # use frontend X-Real-IP header to get client real IP address
   #x-real-ip: true
+  # override real ip header name
+  #real-ip-header: X-IP
 cloud:
   # default API key ID
   default-key: default

diff --git a/lib/eva/registry/defaults/config/sfa/main.yml b/lib/eva/registry/defaults/config/sfa/main.yml
@@ -118,6 +118,8 @@ webapi:
   #ei-enabled: false
   # use frontend X-Real-IP header to get client real IP address
   #x-real-ip: true
+  # override real ip header name
+  #real-ip-header: X-IP
 cloud:
   # enable/disable cloud manager
   cloud-manager: false

diff --git a/lib/eva/registry/defaults/config/uc/main.yml b/lib/eva/registry/defaults/config/uc/main.yml
@@ -116,6 +116,8 @@ webapi:
   #ei-enabled: false
   # use frontend X-Real-IP header to get client real IP address
   #x-real-ip: true
+  # override real ip header name
+  #real-ip-header: X-IP
 snmptrap:
   # snmp trap handler, default community is eva
   listen: 127.0.0.1:162

diff --git a/lib/eva/registry/schema.yml b/lib/eva/registry/schema.yml
@@ -188,6 +188,7 @@ config/uc/main:
         thread-pool: *intpositive
         ei-enabled: *bool
         x-real-ip: *bool
+        real-ip-header: *str
     snmptrap:
       type: object
       additionalProperties: false