From 3812aa716189edbcff9a23f50fa12aa1272157a8 Mon Sep 17 00:00:00 2001 From: David Hanley Date: Thu, 12 Nov 2015 12:50:48 -0600 Subject: [PATCH 1/2] Fixing poiter return from header parse. - New tests to show header is being parsed --- ngx_http_repsheet_module.c | 2 +- spec/integration/integration_spec.rb | 20 +++++++++++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/ngx_http_repsheet_module.c b/ngx_http_repsheet_module.c index b28dd81..f216622 100644 --- a/ngx_http_repsheet_module.c +++ b/ngx_http_repsheet_module.c @@ -79,7 +79,7 @@ extract_proxy_header(ngx_http_request_t *r, repsheet_loc_conf_t *loc_conf) } if (ngx_strncmp(h[i].key.data, loc_conf->proxy_headers_header.data, h[i].key.len) == 0) { - return h; + return &h[i]; } } diff --git a/spec/integration/integration_spec.rb b/spec/integration/integration_spec.rb index 5e0cf11..15ac401 100644 --- a/spec/integration/integration_spec.rb +++ b/spec/integration/integration_spec.rb @@ -204,12 +204,30 @@ end describe "Alternate XFF header" do - it "Properly extracts the alternate header" do + + it "doesn't block a header with true-client-ip set before there are any marks" do + @redis.set("1.1.1.2:repsheet:ip:blacklisted", "Integration Spec") + http = Curl.get("http://127.0.0.1:8888/real") do |http| + http.headers['True-Client-IP'] = '1.1.1.1' + end + expect(http.response_code).to eq(404) + end + + it "Properly extracts & blocks the alternate header when it's blacklisted" do @redis.set("1.1.1.1:repsheet:ip:blacklisted", "Integration Spec") http = Curl.get("http://127.0.0.1:8888/real") do |http| http.headers['True-Client-IP'] = '1.1.1.1' end expect(http.response_code).to eq(403) end + + it "doesn't block an unblocked IP with true-client-ip set" do + @redis.set("1.1.1.1:repsheet:ip:blacklisted", "Integration Spec") + http = Curl.get("http://127.0.0.1:8888/real") do |http| + http.headers['True-Client-IP'] = '2.2.2.2' + end + expect(http.response_code).to eq(404) + end + end end From d3dee16d8e2f1db0d39462fbf2fbf32d2618597e Mon Sep 17 00:00:00 2001 From: David Hanley Date: Fri, 13 Nov 2015 15:23:29 -0600 Subject: [PATCH 2/2] tests check and return 200 on success --- nginx.conf | 1 + spec/integration/integration_spec.rb | 10 +--------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/nginx.conf b/nginx.conf index e78056e..d9227fa 100644 --- a/nginx.conf +++ b/nginx.conf @@ -35,6 +35,7 @@ http { location /real { repsheet_proxy_headers_header "True-Client-IP"; + proxy_pass http://127.0.0.1:8888/; } location /blacklist { diff --git a/spec/integration/integration_spec.rb b/spec/integration/integration_spec.rb index 15ac401..aa9fbf8 100644 --- a/spec/integration/integration_spec.rb +++ b/spec/integration/integration_spec.rb @@ -205,14 +205,6 @@ describe "Alternate XFF header" do - it "doesn't block a header with true-client-ip set before there are any marks" do - @redis.set("1.1.1.2:repsheet:ip:blacklisted", "Integration Spec") - http = Curl.get("http://127.0.0.1:8888/real") do |http| - http.headers['True-Client-IP'] = '1.1.1.1' - end - expect(http.response_code).to eq(404) - end - it "Properly extracts & blocks the alternate header when it's blacklisted" do @redis.set("1.1.1.1:repsheet:ip:blacklisted", "Integration Spec") http = Curl.get("http://127.0.0.1:8888/real") do |http| @@ -226,7 +218,7 @@ http = Curl.get("http://127.0.0.1:8888/real") do |http| http.headers['True-Client-IP'] = '2.2.2.2' end - expect(http.response_code).to eq(404) + expect(http.response_code).to eq(200) end end