Commit 9aed11e3 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

Merge branch 'LPardue-master'

parents c6cfcc3c 9ea4905f
...@@ -750,6 +750,7 @@ void fill_default_config() ...@@ -750,6 +750,7 @@ void fill_default_config()
mod_config()->num_worker = 1; mod_config()->num_worker = 1;
mod_config()->http2_max_concurrent_streams = 100; mod_config()->http2_max_concurrent_streams = 100;
mod_config()->add_x_forwarded_for = false; mod_config()->add_x_forwarded_for = false;
mod_config()->strip_incoming_x_forwarded_for = false;
mod_config()->no_via = false; mod_config()->no_via = false;
mod_config()->accesslog_file = nullptr; mod_config()->accesslog_file = nullptr;
mod_config()->accesslog_syslog = false; mod_config()->accesslog_syslog = false;
...@@ -1156,6 +1157,9 @@ Misc: ...@@ -1156,6 +1157,9 @@ Misc:
--add-x-forwarded-for --add-x-forwarded-for
Append X-Forwarded-For header field to the Append X-Forwarded-For header field to the
downstream request. downstream request.
--strip-incoming-x-forwarded-for
Strip X-Forwarded-For header field from inbound
client requests.
--no-via Don't append to Via header field. If Via header --no-via Don't append to Via header field. If Via header
field is received, it is left unaltered. field is received, it is left unaltered.
--no-location-rewrite --no-location-rewrite
...@@ -1308,6 +1312,7 @@ int main(int argc, char **argv) ...@@ -1308,6 +1312,7 @@ int main(int argc, char **argv)
{"no-location-rewrite", no_argument, &flag, 62}, {"no-location-rewrite", no_argument, &flag, 62},
{"backend-connections-per-frontend", required_argument, &flag, 63}, {"backend-connections-per-frontend", required_argument, &flag, 63},
{"listener-disable-timeout", required_argument, &flag, 64}, {"listener-disable-timeout", required_argument, &flag, 64},
{"strip-incoming-x-forwarded-for", no_argument, &flag, 65},
{nullptr, 0, nullptr, 0 } {nullptr, 0, nullptr, 0 }
}; };
...@@ -1605,6 +1610,10 @@ int main(int argc, char **argv) ...@@ -1605,6 +1610,10 @@ int main(int argc, char **argv)
// --listener-disable-timeout // --listener-disable-timeout
cmdcfgs.emplace_back(SHRPX_OPT_LISTENER_DISABLE_TIMEOUT, optarg); cmdcfgs.emplace_back(SHRPX_OPT_LISTENER_DISABLE_TIMEOUT, optarg);
break; break;
case 65:
// --strip-incoming-x-forwarded-for
cmdcfgs.emplace_back(SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_FOR, "yes");
break;
default: default:
break; break;
} }
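Review bot: The help text added for `--strip-incoming-x-forwarded-for` in the Misc section does not say what happens without the option or how it combines with `--add-x-forwarded-for`. `fill_default_config()` leaves it off, so by default a client-supplied X-Forwarded-For value is forwarded to the backend, and the downstream hunks on this page show that with `--add-x-forwarded-for` it is placed ahead of the address the proxy observed. Operators whose backends use this header for logging, rate limiting or access decisions need that stated. I would extend the entry to something like `Strip X-Forwarded-For header field from inbound client requests. With --add-x-forwarded-for, the backend then receives only the address seen by this proxy.` The enclosing help function starts and ends outside the hunk.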
......
...@@ -67,6 +67,7 @@ const char SHRPX_OPT_HTTP2_PROXY[] = "http2-proxy"; ...@@ -67,6 +67,7 @@ const char SHRPX_OPT_HTTP2_PROXY[] = "http2-proxy";
const char SHRPX_OPT_HTTP2_BRIDGE[] = "http2-bridge"; const char SHRPX_OPT_HTTP2_BRIDGE[] = "http2-bridge";
const char SHRPX_OPT_CLIENT_PROXY[] = "client-proxy"; const char SHRPX_OPT_CLIENT_PROXY[] = "client-proxy";
const char SHRPX_OPT_ADD_X_FORWARDED_FOR[] = "add-x-forwarded-for"; const char SHRPX_OPT_ADD_X_FORWARDED_FOR[] = "add-x-forwarded-for";
const char SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_FOR[] = "strip-incoming-x-forwarded-for";
const char SHRPX_OPT_NO_VIA[] = "no-via"; const char SHRPX_OPT_NO_VIA[] = "no-via";
const char const char
SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT[] = "frontend-http2-read-timeout"; SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT[] = "frontend-http2-read-timeout";
...@@ -425,6 +426,12 @@ int parse_config(const char *opt, const char *optarg) ...@@ -425,6 +426,12 @@ int parse_config(const char *opt, const char *optarg)
return 0; return 0;
} }
if(util::strieq(opt, SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_FOR)) {
mod_config()->strip_incoming_x_forwarded_for = util::strieq(optarg, "yes");
return 0;
}
if(util::strieq(opt, SHRPX_OPT_NO_VIA)) { if(util::strieq(opt, SHRPX_OPT_NO_VIA)) {
mod_config()->no_via = util::strieq(optarg, "yes"); mod_config()->no_via = util::strieq(optarg, "yes");
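Review bot: In the new `parse_config` branch, any value other than "yes" silently sets `strip_incoming_x_forwarded_for` to false. A config-file typo such as `strip-incoming-x-forwarded-for=true` therefore leaves client-supplied X-Forwarded-For values flowing to the backend with no diagnostic. This mirrors the `no_via` branch below it, but for a hardening option the failure mode is worth closing. Accept only "yes" and "no", and report anything else as a configuration error. This assumes `parse_config` signals failure through a non-zero return, which the hunk does not show. The function body continues outside the hunk.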
......
...@@ -65,6 +65,7 @@ extern const char SHRPX_OPT_HTTP2_PROXY[]; ...@@ -65,6 +65,7 @@ extern const char SHRPX_OPT_HTTP2_PROXY[];
extern const char SHRPX_OPT_HTTP2_BRIDGE[]; extern const char SHRPX_OPT_HTTP2_BRIDGE[];
extern const char SHRPX_OPT_CLIENT_PROXY[]; extern const char SHRPX_OPT_CLIENT_PROXY[];
extern const char SHRPX_OPT_ADD_X_FORWARDED_FOR[]; extern const char SHRPX_OPT_ADD_X_FORWARDED_FOR[];
extern const char SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_FOR[];
extern const char SHRPX_OPT_NO_VIA[]; extern const char SHRPX_OPT_NO_VIA[];
extern const char SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT[]; extern const char SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT[];
extern const char SHRPX_OPT_FRONTEND_READ_TIMEOUT[]; extern const char SHRPX_OPT_FRONTEND_READ_TIMEOUT[];
...@@ -260,6 +261,7 @@ struct Config { ...@@ -260,6 +261,7 @@ struct Config {
bool http2_bridge; bool http2_bridge;
bool client_proxy; bool client_proxy;
bool add_x_forwarded_for; bool add_x_forwarded_for;
bool strip_incoming_x_forwarded_for;
bool no_via; bool no_via;
bool upstream_no_tls; bool upstream_no_tls;
bool downstream_no_tls; bool downstream_no_tls;
......
...@@ -394,14 +394,16 @@ int Http2DownstreamConnection::push_request_headers() ...@@ -394,14 +394,16 @@ int Http2DownstreamConnection::push_request_headers()
auto xff = downstream_->get_norm_request_header("x-forwarded-for"); auto xff = downstream_->get_norm_request_header("x-forwarded-for");
if(get_config()->add_x_forwarded_for) { if(get_config()->add_x_forwarded_for) {
if(xff != end_headers) { if(xff != end_headers &&
!get_config()->strip_incoming_x_forwarded_for) {
xff_value = (*xff).value; xff_value = (*xff).value;
xff_value += ", "; xff_value += ", ";
} }
xff_value += downstream_->get_upstream()->get_client_handler()-> xff_value += downstream_->get_upstream()->get_client_handler()->
get_ipaddr(); get_ipaddr();
nva.push_back(http2::make_nv_ls("x-forwarded-for", xff_value)); nva.push_back(http2::make_nv_ls("x-forwarded-for", xff_value));
} else if(xff != end_headers) { } else if(xff != end_headers &&
!get_config()->strip_incoming_x_forwarded_for) {
nva.push_back(http2::make_nv_ls("x-forwarded-for", (*xff).value)); nva.push_back(http2::make_nv_ls("x-forwarded-for", (*xff).value));
} }
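Review bot: The compound test `xff != end_headers && !get_config()->strip_incoming_x_forwarded_for` is written out in both branches here and again in both branches of `HttpDownstreamConnection::push_request_headers()` in the next file section. With four copies, a later edit that touches only some of them would let incoming values through on one protocol path. Compute it once before the `if`, e.g. `const bool keep_xff = xff != end_headers && !get_config()->strip_incoming_x_forwarded_for;`, and test `keep_xff` in both branches. A short comment that the client-supplied value is untrusted would explain why it is gated. Both functions start and end outside their hunks.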
......
...@@ -209,14 +209,16 @@ int HttpDownstreamConnection::push_request_headers() ...@@ -209,14 +209,16 @@ int HttpDownstreamConnection::push_request_headers()
auto xff = downstream_->get_norm_request_header("x-forwarded-for"); auto xff = downstream_->get_norm_request_header("x-forwarded-for");
if(get_config()->add_x_forwarded_for) { if(get_config()->add_x_forwarded_for) {
hdrs += "X-Forwarded-For: "; hdrs += "X-Forwarded-For: ";
if(xff != end_headers) { if(xff != end_headers &&
!get_config()->strip_incoming_x_forwarded_for) {
hdrs += (*xff).value; hdrs += (*xff).value;
http2::sanitize_header_value(hdrs, hdrs.size() - (*xff).value.size()); http2::sanitize_header_value(hdrs, hdrs.size() - (*xff).value.size());
hdrs += ", "; hdrs += ", ";
} }
hdrs += client_handler_->get_ipaddr(); hdrs += client_handler_->get_ipaddr();
hdrs += "\r\n"; hdrs += "\r\n";
} else if(xff != end_headers) { } else if(xff != end_headers &&
!get_config()->strip_incoming_x_forwarded_for) {
hdrs += "X-Forwarded-For: "; hdrs += "X-Forwarded-For: ";
hdrs += (*xff).value; hdrs += (*xff).value;
http2::sanitize_header_value(hdrs, hdrs.size() - (*xff).value.size()); http2::sanitize_header_value(hdrs, hdrs.size() - (*xff).value.size());
......