(more!) evaluation of XRealIP from nginx reverse proxy

yacy · Dec 7, 2017 · 4355de0 · 4355de0
1 parent 30d71c6
commit 4355de0
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 8 deletions.
diff --git a/htroot/yacysearchitem.java b/htroot/yacysearchitem.java
@@ -208,8 +208,12 @@ public static serverObjects respond(final RequestHeader header, final serverObje
                 	prop.putXML("content_image_url", faviconURL.toNormalform(true));
             	}
             } else {
-            	prop.put("content_image", 1);
-            	prop.putXML("content_image_url", result.imageURL());
+            	try {
+            		prop.putXML("content_image_url", result.imageURL());
+            		prop.put("content_image", 1);
+            	} catch (UnsupportedOperationException e) {
+                	prop.put("content_image", 0);
+            	}
             }
 
             prop.put("content_urlhash", urlhash);

diff --git a/source/net/yacy/cora/protocol/RequestHeader.java b/source/net/yacy/cora/protocol/RequestHeader.java
@@ -725,10 +725,19 @@ public static String client(final ServletRequest request) {
     @Override
     public String getRemoteHost() {
         if (_request != null) {
-            return _request.getRemoteHost();
+            return host(_request);
         }
         throw new UnsupportedOperationException("Not supported yet.");
     }
+
+    public static String host(final ServletRequest request) {
+        String clientHost = request.getRemoteHost();
+        if (request instanceof HttpServletRequest) {
+        	String XRealIP = ((HttpServletRequest) request).getHeader(X_Real_IP);
+        	if (XRealIP != null && XRealIP.length() > 0) clientHost = XRealIP; // get IP through nginx config "proxy_set_header X-Real-IP $remote_addr;"
+        }
+		return clientHost;
+    }
 
     @Override
     public void setAttribute(String name, Object o) {

diff --git a/source/net/yacy/http/Jetty9YaCySecurityHandler.java b/source/net/yacy/http/Jetty9YaCySecurityHandler.java
@@ -64,7 +64,7 @@ protected RoleInfo prepareConstraintInfo(String pathInContext, Request request)
 
         String refererHost;
         // update AccessTracker
-        final String remoteip = request.getRemoteAddr();
+        final String remoteip = RequestHeader.client(request);
         serverAccessTracker.track(remoteip, pathInContext);
 
         try {

diff --git a/source/net/yacy/http/MonitorHandler.java b/source/net/yacy/http/MonitorHandler.java
@@ -32,6 +32,7 @@
 
 import net.yacy.cora.protocol.ConnectionInfo;
 import net.yacy.cora.protocol.Domains;
+import net.yacy.cora.protocol.RequestHeader;
 
 import org.eclipse.jetty.io.Connection;
 import org.eclipse.jetty.server.Request;
@@ -58,7 +59,7 @@ public void handle(String target, Request baseRequest, HttpServletRequest reques
 		final Connection connection = baseRequest.getHttpChannel().getEndPoint().getConnection();
 		final ConnectionInfo info = new ConnectionInfo(
 				baseRequest.getScheme(),
-				baseRequest.getRemoteAddr() + ":" + baseRequest.getRemotePort(),
+				RequestHeader.client(baseRequest) + ":" + baseRequest.getRemotePort(),
 				baseRequest.getMethod() + " " + baseRequest.getHttpURI().getPathQuery(),
 				connection.hashCode(),
 				baseRequest.getTimeStamp(),

diff --git a/source/net/yacy/http/servlets/GSAsearchServlet.java b/source/net/yacy/http/servlets/GSAsearchServlet.java
@@ -42,6 +42,7 @@
 import net.yacy.cora.federate.solr.connector.EmbeddedSolrConnector;
 import net.yacy.cora.federate.solr.responsewriter.GSAResponseWriter;
 import net.yacy.cora.protocol.HeaderFramework;
+import net.yacy.cora.protocol.RequestHeader;
 import net.yacy.cora.util.ConcurrentLog;
 import net.yacy.data.UserDB;
 import net.yacy.search.Switchboard;
@@ -102,7 +103,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
     private void respond(final HttpServletRequest header, final Switchboard sb, final OutputStream out) {
 
         // remember the peer contact for peer statistics
-        String clientip = header.getRemoteAddr();
+        String clientip = RequestHeader.client(header);
         if (clientip == null) clientip = "<unknown>"; // read an artificial header addendum
         String userAgent = header.getHeader(HeaderFramework.USER_AGENT);
         if (userAgent == null) userAgent = "<unknown>";

diff --git a/source/net/yacy/http/servlets/UrlProxyServlet.java b/source/net/yacy/http/servlets/UrlProxyServlet.java
@@ -102,7 +102,7 @@ public void service (ServletRequest req, ServletResponse res) throws ServletExce
             return;
         }
 
-        final String remoteHost = req.getRemoteHost();
+        final String remoteHost = req.getRemoteAddr();
         if (!Domains.isThisHostIP(remoteHost)) {
             if (!proxyippatternmatch(remoteHost)) {
                 response.sendError(HttpServletResponse.SC_FORBIDDEN,

diff --git a/source/net/yacy/http/servlets/YaCyQoSFilter.java b/source/net/yacy/http/servlets/YaCyQoSFilter.java
@@ -40,7 +40,7 @@ public class YaCyQoSFilter extends QoSFilter {
     protected int getPriority(ServletRequest request) {
         if (request.getServerName().equalsIgnoreCase(Domains.LOCALHOST)) {
             return 10; // highest priority for "localhost"
-        } else if (Domains.isLocalhost(request.getRemoteHost())) {
+        } else if (Domains.isLocalhost(request.getRemoteAddr())) {
             return 9;
         } else {
             return super.getPriority(request); // standard: authenticated = 2, other = 1 or 0