(more!) evaluation of XRealIP from nginx reverse proxy

7 years ago · 4355de0f3c
parent 30d71c6359
commit 4355de0f3c
7 changed files with 23 additions and 8 deletions
--- a/htroot/yacysearchitem.java
+++ b/htroot/yacysearchitem.java
@ -208,8 +208,12 @@ public class yacysearchitem {
                	prop.putXML("content_image_url", faviconURL.toNormalform(true));
            	}
            } else {
-            	prop.put("content_image", 1);
-            	prop.putXML("content_image_url", result.imageURL());
+            	try {
+            		prop.putXML("content_image_url", result.imageURL());
+            		prop.put("content_image", 1);
+            	} catch (UnsupportedOperationException e) {
+                	prop.put("content_image", 0);
+            	}
            }
            
            prop.put("content_urlhash", urlhash);
--- a/source/net/yacy/cora/protocol/RequestHeader.java
+++ b/source/net/yacy/cora/protocol/RequestHeader.java
@ -725,10 +725,19 @@ public class RequestHeader extends HeaderFramework implements HttpServletRequest
    @Override
    public String getRemoteHost() {
        if (_request != null) {
-            return _request.getRemoteHost();
+            return host(_request);
        }
        throw new UnsupportedOperationException("Not supported yet.");
    }
+    
+    public static String host(final ServletRequest request) {
+        String clientHost = request.getRemoteHost();
+        if (request instanceof HttpServletRequest) {
+        	String XRealIP = ((HttpServletRequest) request).getHeader(X_Real_IP);
+        	if (XRealIP != null && XRealIP.length() > 0) clientHost = XRealIP; // get IP through nginx config "proxy_set_header X-Real-IP $remote_addr;"
+        }
+		return clientHost;
+    }

    @Override
    public void setAttribute(String name, Object o) {
--- a/source/net/yacy/http/Jetty9YaCySecurityHandler.java
+++ b/source/net/yacy/http/Jetty9YaCySecurityHandler.java
@ -64,7 +64,7 @@ public class Jetty9YaCySecurityHandler extends ConstraintSecurityHandler {

        String refererHost;
        // update AccessTracker
-        final String remoteip = request.getRemoteAddr();
+        final String remoteip = RequestHeader.client(request);
        serverAccessTracker.track(remoteip, pathInContext);
        
        try {
--- a/source/net/yacy/http/MonitorHandler.java
+++ b/source/net/yacy/http/MonitorHandler.java
@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletResponse;

 import net.yacy.cora.protocol.ConnectionInfo;
 import net.yacy.cora.protocol.Domains;
+import net.yacy.cora.protocol.RequestHeader;

 import org.eclipse.jetty.io.Connection;
 import org.eclipse.jetty.server.Request;
@ -58,7 +59,7 @@ public class MonitorHandler extends AbstractHandler {
 		final Connection connection = baseRequest.getHttpChannel().getEndPoint().getConnection();
 		final ConnectionInfo info = new ConnectionInfo(
 				baseRequest.getScheme(),
-				baseRequest.getRemoteAddr() + ":" + baseRequest.getRemotePort(),
+				RequestHeader.client(baseRequest) + ":" + baseRequest.getRemotePort(),
 				baseRequest.getMethod() + " " + baseRequest.getHttpURI().getPathQuery(),
 				connection.hashCode(),
 				baseRequest.getTimeStamp(),
--- a/source/net/yacy/http/servlets/GSAsearchServlet.java
+++ b/source/net/yacy/http/servlets/GSAsearchServlet.java
@ -42,6 +42,7 @@ import net.yacy.cora.federate.solr.Ranking;
 import net.yacy.cora.federate.solr.connector.EmbeddedSolrConnector;
 import net.yacy.cora.federate.solr.responsewriter.GSAResponseWriter;
 import net.yacy.cora.protocol.HeaderFramework;
+import net.yacy.cora.protocol.RequestHeader;
 import net.yacy.cora.util.ConcurrentLog;
 import net.yacy.data.UserDB;
 import net.yacy.search.Switchboard;
@ -102,7 +103,7 @@ public class GSAsearchServlet extends HttpServlet {
    private void respond(final HttpServletRequest header, final Switchboard sb, final OutputStream out) {

        // remember the peer contact for peer statistics
-        String clientip = header.getRemoteAddr();
+        String clientip = RequestHeader.client(header);
        if (clientip == null) clientip = "<unknown>"; // read an artificial header addendum
        String userAgent = header.getHeader(HeaderFramework.USER_AGENT);
        if (userAgent == null) userAgent = "<unknown>";
--- a/source/net/yacy/http/servlets/UrlProxyServlet.java
+++ b/source/net/yacy/http/servlets/UrlProxyServlet.java
@ -102,7 +102,7 @@ public class UrlProxyServlet extends HttpServlet implements Servlet {
            return;
        }
        
-        final String remoteHost = req.getRemoteHost();
+        final String remoteHost = req.getRemoteAddr();
        if (!Domains.isThisHostIP(remoteHost)) {
            if (!proxyippatternmatch(remoteHost)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN,
--- a/source/net/yacy/http/servlets/YaCyQoSFilter.java
+++ b/source/net/yacy/http/servlets/YaCyQoSFilter.java
@ -40,7 +40,7 @@ public class YaCyQoSFilter extends QoSFilter {
    protected int getPriority(ServletRequest request) {
        if (request.getServerName().equalsIgnoreCase(Domains.LOCALHOST)) {
            return 10; // highest priority for "localhost"
-        } else if (Domains.isLocalhost(request.getRemoteHost())) {
+        } else if (Domains.isLocalhost(request.getRemoteAddr())) {
            return 9;
        } else {
            return super.getPriority(request); // standard: authenticated = 2, other = 1 or 0