From 30d71c63596eaba23f40c47baed0482d84d8f0f9 Mon Sep 17 00:00:00 2001 From: Michael Peter Christen Date: Tue, 15 Aug 2017 07:16:01 +0200 Subject: [PATCH] added usage of X-Real-IP http header to identify request IPs which came through NGINX reverse proxy configurations --- source/net/yacy/cora/protocol/RequestHeader.java | 14 ++++++++++++-- .../net/yacy/http/servlets/SolrSelectServlet.java | 4 ++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/source/net/yacy/cora/protocol/RequestHeader.java b/source/net/yacy/cora/protocol/RequestHeader.java index 62f0a0b41..ab9a291c3 100644 --- a/source/net/yacy/cora/protocol/RequestHeader.java +++ b/source/net/yacy/cora/protocol/RequestHeader.java @@ -76,6 +76,7 @@ public class RequestHeader extends HeaderFramework implements HttpServletRequest public static final String X_CACHE = "X-Cache"; public static final String X_CACHE_LOOKUP = "X-Cache-Lookup"; + public static final String X_Real_IP = "X-Real-IP"; public static final String COOKIE = "Cookie"; @@ -147,7 +148,7 @@ public class RequestHeader extends HeaderFramework implements HttpServletRequest if (refererHost == null || refererHost.isEmpty() || Domains.isLocalhost(refererHost)) return true; return false; } - + /** * Gets the header entry "Cookie" as on string containing all cookies * @@ -706,12 +707,21 @@ public class RequestHeader extends HeaderFramework implements HttpServletRequest @Override public String getRemoteAddr() { if (this._request != null) { - return _request.getRemoteAddr(); + return client(_request); } else { return super.get(HeaderFramework.CONNECTION_PROP_CLIENTIP); } } + public static String client(final ServletRequest request) { + String clientHost = request.getRemoteAddr(); + if (request instanceof HttpServletRequest) { + String XRealIP = ((HttpServletRequest) request).getHeader(X_Real_IP); + if (XRealIP != null && XRealIP.length() > 0) clientHost = XRealIP; // get IP through nginx config "proxy_set_header X-Real-IP $remote_addr;" + } + return clientHost; + } + @Override public String getRemoteHost() { if (_request != null) { diff --git a/source/net/yacy/http/servlets/SolrSelectServlet.java b/source/net/yacy/http/servlets/SolrSelectServlet.java index 84434367e..497eb1236 100644 --- a/source/net/yacy/http/servlets/SolrSelectServlet.java +++ b/source/net/yacy/http/servlets/SolrSelectServlet.java @@ -47,6 +47,8 @@ import net.yacy.cora.federate.solr.responsewriter.HTMLResponseWriter; import net.yacy.cora.federate.solr.responsewriter.OpensearchResponseWriter; import net.yacy.cora.federate.solr.responsewriter.SnapshotImagesReponseWriter; import net.yacy.cora.federate.solr.responsewriter.YJsonResponseWriter; +import net.yacy.cora.protocol.RequestHeader; +import net.yacy.cora.util.ConcurrentLog; import net.yacy.data.UserDB; import net.yacy.search.Switchboard; import net.yacy.search.SwitchboardConstants; @@ -162,6 +164,8 @@ public class SolrSelectServlet extends HttpServlet { */ } String q = mmsp.get(CommonParams.Q, ""); + ConcurrentLog.info("SolrSelect", "client=" + RequestHeader.client(request) + " q=" + q); // to detect bots and dos + if (querystring.length() == 0) querystring = q; if (!mmsp.getMap().containsKey(CommonParams.START)) { int startRecord = mmsp.getFieldInt("startRecord", null, CommonParams.START_DEFAULT);