
(more!) evaluation of XRealIP from nginx reverse proxy

Orbiter committed Dec 7, 2017
1 parent 30d71c6 commit 4355de0f3c8f7e91815c0c8de8c0f6d6bad651b8
@@ -208,8 +208,12 @@ public static serverObjects respond(final RequestHeader header, final serverObje
prop.putXML("content_image_url", faviconURL.toNormalform(true));
}
} else {
prop.put("content_image", 1);
prop.putXML("content_image_url", result.imageURL());
try {
prop.putXML("content_image_url", result.imageURL());
prop.put("content_image", 1);
} catch (UnsupportedOperationException e) {
prop.put("content_image", 0);
}
}
prop.put("content_urlhash", urlhash);
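Review bot: The new try/catch in the `else` branch uses `UnsupportedOperationException` as control flow to detect a result without an image, and nothing in the hunk says which `imageURL()` implementation throws it, so a reader will take the catch for dead code. Add a comment on the `try` naming the throwing implementation, e.g. `// imageURL() throws UnsupportedOperationException for results that carry no image`, or expose an explicit has-image check on the result type if it allows one. This hunk is also unrelated to the X-Real-IP change named in the commit title and would bisect more easily as its own commit. `respond` begins before this hunk.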
@@ -725,10 +725,19 @@ public static String client(final ServletRequest request) {
@Override
public String getRemoteHost() {
if (_request != null) {
return _request.getRemoteHost();
return host(_request);
}
throw new UnsupportedOperationException("Not supported yet.");
}
public static String host(final ServletRequest request) {
String clientHost = request.getRemoteHost();
if (request instanceof HttpServletRequest) {
String XRealIP = ((HttpServletRequest) request).getHeader(X_Real_IP);
if (XRealIP != null && XRealIP.length() > 0) clientHost = XRealIP; // get IP through nginx config "proxy_set_header X-Real-IP $remote_addr;"
}
return clientHost;
}
@Override
public void setAttribute(String name, Object o) {
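Review bot: `host()` honors `X-Real-IP` from any request, not only from the nginx proxy the comment describes, so a client that reaches this peer directly can put an arbitrary address in the header and every caller of `client()`/`getRemoteHost()` in this commit (access tracking, connection info, peer statistics) will record the forged value. The header is only meaningful when the TCP peer is the reverse proxy itself; gate the lookup on `request.getRemoteAddr()` being loopback (the `proxy_set_header X-Real-IP $remote_addr;` setup in the comment runs nginx on the same host) or on a configurable trusted-proxy list, and fall back to the socket address otherwise. The value should also be checked to be an IPv4/IPv6 literal before it replaces `clientHost`, since the header can carry any string. The enclosing class continues outside the hunk.
```java
public static String host(final ServletRequest request) {
    String clientHost = request.getRemoteHost();
    // Only honor X-Real-IP when the TCP peer is the reverse proxy itself;
    // any other client can set this header and spoof its address.
    if (request instanceof HttpServletRequest && Domains.isLocalhost(request.getRemoteAddr())) {
        final String xRealIP = ((HttpServletRequest) request).getHeader(X_Real_IP);
        if (xRealIP != null && xRealIP.length() > 0) clientHost = xRealIP; // nginx: proxy_set_header X-Real-IP $remote_addr;
    }
    return clientHost;
}
```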
@@ -64,7 +64,7 @@ protected RoleInfo prepareConstraintInfo(String pathInContext, Request request)
String refererHost;
// update AccessTracker
final String remoteip = request.getRemoteAddr();
final String remoteip = RequestHeader.client(request);
serverAccessTracker.track(remoteip, pathInContext);
try {
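Review bot: `serverAccessTracker.track(remoteip, pathInContext)` is now keyed on `RequestHeader.client(request)`, which in this commit prefers the client-supplied `X-Real-IP` header, so a client not behind the proxy can send any `X-Real-IP` and have its accesses tracked under a forged address; per-IP limits or blocks derived from the tracker can then be evaded or pinned on a third party. Unless `client()` (its body is not in the view) verifies that the TCP peer is the trusted proxy, keep `request.getRemoteAddr()` here or guard the header lookup on it. `prepareConstraintInfo` starts before this hunk; if `remoteip` also feeds the returned `RoleInfo`, the same spoofing reaches authorization.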
@@ -32,6 +32,7 @@
import net.yacy.cora.protocol.ConnectionInfo;
import net.yacy.cora.protocol.Domains;
import net.yacy.cora.protocol.RequestHeader;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.server.Request;
@@ -58,7 +59,7 @@ public void handle(String target, Request baseRequest, HttpServletRequest reques
final Connection connection = baseRequest.getHttpChannel().getEndPoint().getConnection();
final ConnectionInfo info = new ConnectionInfo(
baseRequest.getScheme(),
baseRequest.getRemoteAddr() + ":" + baseRequest.getRemotePort(),
RequestHeader.client(baseRequest) + ":" + baseRequest.getRemotePort(),
baseRequest.getMethod() + " " + baseRequest.getHttpURI().getPathQuery(),
connection.hashCode(),
baseRequest.getTimeStamp(),
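Review bot: The address built from `RequestHeader.client(baseRequest) + ":" + baseRequest.getRemotePort()` pairs an address taken from `X-Real-IP` with the port of the TCP connection from the proxy, so the string names a host:port pair that never existed, and the host part is attacker-controlled wherever the header is not verified against a trusted proxy. For a connection-level record keep `baseRequest.getRemoteAddr()`, or drop the port when the header value is used, and note the choice with `// address may come from X-Real-IP; the port is that of the proxy connection`. `handle` starts before and continues after the hunk.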
@@ -42,6 +42,7 @@
import net.yacy.cora.federate.solr.connector.EmbeddedSolrConnector;
import net.yacy.cora.federate.solr.responsewriter.GSAResponseWriter;
import net.yacy.cora.protocol.HeaderFramework;
import net.yacy.cora.protocol.RequestHeader;
import net.yacy.cora.util.ConcurrentLog;
import net.yacy.data.UserDB;
import net.yacy.search.Switchboard;
@@ -102,7 +103,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
private void respond(final HttpServletRequest header, final Switchboard sb, final OutputStream out) {
// remember the peer contact for peer statistics
String clientip = header.getRemoteAddr();
String clientip = RequestHeader.client(header);
if (clientip == null) clientip = "<unknown>"; // read an artificial header addendum
String userAgent = header.getHeader(HeaderFramework.USER_AGENT);
if (userAgent == null) userAgent = "<unknown>";
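Review bot: `clientip` is now whatever `RequestHeader.client(header)` returns, which in this commit can be the raw `X-Real-IP` header value, and nothing here checks that it is an IP literal, so an arbitrary string (whitespace, line breaks, a long payload) can land in the peer statistics and in anything that logs or renders them. Validate it as an IPv4/IPv6 literal before use and fall back to the socket address otherwise, e.g. `if (clientip == null || !isIPLiteral(clientip)) clientip = header.getRemoteAddr();` with a small literal check, reusing whatever `Domains` already offers if it has one. The comment `// read an artificial header addendum` no longer describes this line and should say that the value may be proxy-supplied. `respond` continues past the hunk.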
@@ -102,7 +102,7 @@ public void service (ServletRequest req, ServletResponse res) throws ServletExce
return;
}
final String remoteHost = req.getRemoteHost();
final String remoteHost = req.getRemoteAddr();
if (!Domains.isThisHostIP(remoteHost)) {
if (!proxyippatternmatch(remoteHost)) {
response.sendError(HttpServletResponse.SC_FORBIDDEN,
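Review bot: The proxy ACL now checks `req.getRemoteAddr()` and, unlike the other files in this commit, deliberately does not consult `X-Real-IP`, which is the right choice for an authorization decision, but nothing records that it is intentional; a later "consistency" refactor to `RequestHeader.client(req)` would make the ACL spoofable by header. Add `// TCP peer address on purpose: the proxy ACL must not trust X-Real-IP` above the assignment. `service` starts before and continues after the hunk.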
@@ -40,7 +40,7 @@
protected int getPriority(ServletRequest request) {
if (request.getServerName().equalsIgnoreCase(Domains.LOCALHOST)) {
return 10; // highest priority for "localhost"
} else if (Domains.isLocalhost(request.getRemoteHost())) {
} else if (Domains.isLocalhost(request.getRemoteAddr())) {
return 9;
} else {
return super.getPriority(request); // standard: authenticated = 2, other = 1 or 0
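Review bot: `Domains.isLocalhost(request.getRemoteAddr())` on the new line is the unspoofable check, but the branch above it grants the higher priority 10 on `request.getServerName()`, which is derived from the client-supplied Host header, so any remote client can send `Host: localhost` and outrank genuinely local requests if the priority has scheduling or throttling consequences. Consider requiring both, e.g. `if (Domains.isLocalhost(request.getRemoteAddr()) && request.getServerName().equalsIgnoreCase(Domains.LOCALHOST))`, or at least add `// server name is client-supplied; only the remote address below is trustworthy`. `getPriority` continues past the hunk.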
