Open krizhanovsky opened 5 years ago
Hi, I'm currently working on this issue myself. I'm almost done with the first and second parts. When I write tests I will PR. Can you assign it to me if you aren't working on this task?
Hi @const-t ,
I assigned the issue to you and we'll be happy to see a pull request from you!
Parsing of the Forwarded header has been implemented. Functional tests have also been added. Now we need to introduce support of X-Real-IP. X-Real-IP requires functional tests too.
Also please see the TODO comment in https://github.com/tempesta-tech/tempesta/pull/1994 and do it
Scope
We support the X-Forwarded-For header, while RFC 7239 introduces the standard Forwarded header, which also must be parsed as a special header. At least the following arguments must be processed:
- for as current X-Forwarded-For
- host as current Host header and URI host part. Tempesta must correctly choose the right host header (e.g. for HTTPtables) if all the hosts (from URI and Host and Forwarded headers) are different.
X-Real-IP is another header passing real client IP (just checked that my home router and 3G network proxy set this header).
The host parameter is crucial to keep an application (e.g. using redirects) working, see https://github.com/fideloper/TrustedProxy#why-does-this-matter
Also need to implement an equivalent option to Nginx's set_real_ip_from, e.g.
Probably the best way to store the IP addresses and netmasks is to use Htrie. A special index-only Htrie extension using very small data block, not extent as by default, must be developed. #910 requires data, but also needs static read-only HTrie with a very small data, so the #910 requirements must be addressed in the extension as well. The addresses should be converted to IPv6 form.
Testing
A functional test must be developed as part of the task. Examples from the RFC must be in the test. Also the test for choosing the right host header (e.g. for HTTPtables) if all the hosts (from URI and Host and Forwarded headers) are different is required. Also test malicious values like mysite “><xss>.