commit 041e55424116a414f037f539d2bccc3b247e74ba
parent 1d94954ac3b7aad37b74278de6a0621ebcfe94c9
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 26 Apr 2026 22:08:06 +0200
implement new -f option to extract client address from X-forwarded-for header
Diffstat:
1 file changed, 43 insertions(+), 6 deletions(-)
diff --git a/src/backend/paivana-httpd_helper.c b/src/backend/paivana-httpd_helper.c
@@ -36,8 +36,47 @@ PAIVANA_HTTPD_get_client_address (struct MHD_Connection *connection,
const struct sockaddr *sa;
socklen_t sa_len;
- // FIXME: also support getting client address from HTTP
- // headers instead (in case of reverse proxy).
+ *ca = NULL;
+ *ca_len = 0;
+ if (PH_respect_forwarded_headers)
+ {
+ const char *xff;
+
+ xff = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-For");
+ if (NULL != xff)
+ {
+ const char *start = xff;
+ const char *end;
+ size_t len;
+
+ /* Use first part before ',', getting rid of whitespace
+ at start or end of the substring. */
+ while ( (' ' == *start) ||
+ ('\t' == *start) )
+ start++;
+ end = strchr (start,
+ ',');
+ len = (NULL != end)
+ ? (size_t) (end - start)
+ : strlen (start);
+ while ( (len > 0) &&
+ ( (' ' == start[len - 1]) ||
+ ('\t' == start[len - 1]) ) )
+ len--;
+ if (0 == len)
+ {
+ GNUNET_break_op (0);
+ return false;
+ }
+ *ca = GNUNET_strndup (start,
+ len);
+ *ca_len = len;
+ return true;
+ }
+ /* No header present: fall through to the socket address. */
+ }
ci = MHD_get_connection_info (connection,
MHD_CONNECTION_INFO_CLIENT_ADDRESS);
GNUNET_assert (NULL != ci);
@@ -52,12 +91,10 @@ PAIVANA_HTTPD_get_client_address (struct MHD_Connection *connection,
break;
default:
GNUNET_break (0);
- *ca = NULL;
- *ca_len = 0;
return false;
}
- ca = GNUNET_memdup (sa,
- sa_len);
+ *ca = GNUNET_memdup (sa,
+ sa_len);
*ca_len = sa_len;
return true;
}
