Changeset

3472:61cf3e7d7f07

mod_bosh: Support for reading the client's real IP through HTTP proxies from X-Forwarded-For
author Matthew Wild <mwild1@gmail.com>
date Sat, 28 Aug 2010 22:25:12 +0100
parents 3471:482275e38224
children 3473:84fe4d5ac2ed
files plugins/mod_bosh.lua
diffstat 1 files changed, 19 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_bosh.lua	Sat Aug 28 14:31:48 2010 +0100
+++ b/plugins/mod_bosh.lua	Sat Aug 28 22:25:12 2010 +0100
@@ -55,6 +55,22 @@
 	end
 end
 
+local trusted_proxies = module:get_option_set("trusted_proxies", {"127.0.0.1"})._items;
+
+local function get_ip_from_request(request)
+	local ip = request.handler:ip();
+	local forwarded_for = request.headers["x-forwarded-for"];
+	if forwarded_for then
+		forwarded_for = forwarded_for..", "..ip;
+		for forwarded_ip in forwarded_for:gmatch("[^%s,]+") do
+			if not trusted_proxies[forwarded_ip] then
+				ip = forwarded_ip;
+			end
+		end
+	end
+	return ip;
+end
+
 local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat;
 local os_time = os.time;
 
@@ -216,10 +232,12 @@
 			bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY,
 			requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream,
 			close = bosh_close_stream, dispatch_stanza = core_process_stanza,
-			log = logger.init("bosh"..sid),	secure = consider_bosh_secure or request.secure
+			log = logger.init("bosh"..sid),	secure = consider_bosh_secure or request.secure,
+			ip = get_ip_from_request(request);
 		};
 		sessions[sid] = session;
 		
+		session.log("debug", "BOSH session created for request from %s", session.ip);
 		log("info", "New BOSH session, assigned it sid '%s'", sid);
 		local r, send_buffer = session.requests, session.send_buffer;
 		local response = { headers = default_headers }
@@ -324,7 +342,6 @@
 		if stanza.attr.xmlns == xmlns_bosh then
 			stanza.attr.xmlns = nil;
 		end
-		session.ip = request.handler:ip();
 		core_process_stanza(session, stanza);
 	end
 end