trunk

changeset 3472:61cf3e7d7f07

mod_bosh: Support for reading the client's real IP through HTTP proxies from X-Forwarded-For
author Matthew Wild <mwild1@gmail.com>
date Sat, 28 Aug 2010 22:25:12 +0100
parents 482275e38224
children 84fe4d5ac2ed
files plugins/mod_bosh.lua
diffstat 1 files changed, 19 insertions(+), 2 deletions(-) [+]
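--- a/plugins/mod_bosh.lua	Sat Aug 28 14:31:48 2010 +0100
+++ b/plugins/mod_bosh.lua	Sat Aug 28 22:25:12 2010 +0100
@@ -55,6 +55,22 @@
 	end
 end
 
+local trusted_proxies = module:get_option_set("trusted_proxies", {"127.0.0.1"})._items;
+
+local function get_ip_from_request(request)
+	local ip = request.handler:ip();
+	local forwarded_for = request.headers["x-forwarded-for"];
+	if forwarded_for then
+		forwarded_for = forwarded_for..", "..ip;
+		for forwarded_ip in forwarded_for:gmatch("[^%s,]+") do
+			if not trusted_proxies[forwarded_ip] then
+				ip = forwarded_ip;
+			end
+		end
+	end
+	return ip;
+end
+
 local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat;
 local os_time = os.time;
 
@@ -216,10 +232,12 @@
 			bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY,
 			requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream,
 			close = bosh_close_stream, dispatch_stanza = core_process_stanza,
-			log = logger.init("bosh"..sid),	secure = consider_bosh_secure or request.secure
+			log = logger.init("bosh"..sid),	secure = consider_bosh_secure or request.secure,
+			ip = get_ip_from_request(request);
 		};
 		sessions[sid] = session;
 		
+		session.log("debug", "BOSH session created for request from %s", session.ip);
 		log("info", "New BOSH session, assigned it sid '%s'", sid);
 		local r, send_buffer = session.requests, session.send_buffer;
 		local response = { headers = default_headers }
@@ -324,7 +342,6 @@
 		if stanza.attr.xmlns == xmlns_bosh then
 			stanza.attr.xmlns = nil;
 		end
-		session.ip = request.handler:ip();
 		core_process_stanza(session, stanza);
 	end
 end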
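Review bot: `session.ip` is now set only once, in the session-creation table of the second hunk, and the third hunk deletes the per-stanza refresh rather than converting it, so later requests on the same sid that arrive from a different address are no longer reflected in the session. If logging or any address-based control is meant to follow the current requester (not visible in these hunks), replace the removed line with `session.ip = get_ip_from_request(request);` instead of dropping it. Separately, `get_ip_from_request` would benefit from a comment stating the invariant it relies on: `-- Append the socket peer and keep the last address not in trusted_proxies, so header entries are believed only when a trusted proxy relayed them.` The functions enclosing the second and third hunks begin and end outside the visible lines.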