Custom Query (2297 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (46 - 48 of 2297)

6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Ticket Resolution Summary Owner Reporter
#671 invalid X-Forwarded-For problem when using HTTPS Wagner Caixeta
Description

I m using nginx as reverse proxy for some rails apps (unicorn).

Im stuck with how to keep X-Forwared-For pass over nginx when im using HTTPS.

It is ok with HTTP, but when i use HTTPS the original X-Forwared-For information is gone.

What arrives in my Rails APP?

172.16.6.234 = Desktop IP. 172.16.6.12 = A SQUID proxy.

USING HTTP: 

"HTTP_X_FORWARDED_FOR"=>"172.16.6.234, 172.16.0.12"

USING HTTPS: 

"HTTP_X_FORWARDED_FOR"=>"172.16.0.12"

Same directives for 443 and 80 ports, but SSL on.

I also tried to use: 

set_real_ip_from  172.16.0.12;
set_real_ip_from  127.0.0.1/8;
set_real_ip_from  unix:;
real_ip_header    X-Forwarded-For;
real_ip_recursive on;

I stil having problems, but with a diferent result:

USING HTTP: 

"HTTP_VIA"=>"1.1 spider06.assembleia.go.gov.br:3128 (squid/2.6.STABLE21)"
"HTTP_X_FORWARDED_FOR"=>"172.16.6.234"

USING HTTPS: 

HTTP_X_FORWARDED_FOR and HTTP_VIA are missing.

I guess it is a unespected behaivor, so im opening this ticket.

Tested on: 0.88, 1.6.2 and 1.7.7.

Config file: 

upstream app_sgp {
    server unix:/var/www/html/sgp/tmp/sockets/unicorn.sock fail_timeout=0;
}
server {
        listen 80 default deferred;
        server_name 172.16.0.26;

        root /var/www/html/error/;

        location ^~ /assets/ {
                gzip_static on;
                expires max;
                add_header Cache-Control public;
        }

        try_files $uri/index.html $uri $uri.html;

        error_page 500 502 503 504 /500.html;
        client_max_body_size 4G;
        keepalive_timeout 10;

	location /sgp/ {
		proxy_read_timeout 300;
		proxy_connect_timeout 300;
		proxy_set_header X-Real-IP	$remote_addr;
		proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header  X-Forwarded-Proto $scheme;
                proxy_set_header  Host $http_host;
                proxy_redirect    off;
		proxy_pass http://app_sgp;
   	}

	location = /500.html {
    		root /var/www/html/error/;
	}

}

server {
	listen 443;
	ssl on;
	server_name 172.16.0.26;

	ssl_certificate      /etc/nginx/ssl/intranet.crt;
	ssl_certificate_key  /etc/nginx/ssl/intranet.key;
	ssl_protocols  SSLv2 SSLv3 TLSv1;
	ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
	ssl_prefer_server_ciphers   on;

	location ^~ /assets/ {
                gzip_static on;
                expires max;
                add_header Cache-Control public;
	}


	root /var/www/html/error/;
	try_files $uri/index.html $uri.html $uri;

	location /sgp/ {
		proxy_read_timeout 300;
		proxy_connect_timeout 300;
		proxy_set_header X-Real-IP	$remote_addr;
		proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header  X-Forwarded-Proto $scheme;
                proxy_set_header  Host $http_host;
                proxy_redirect    off;
		proxy_pass http://app_sgp;
   	}



	location = /500.html {
    		root /var/www/html/error/;
	}
}
#447 invalid X-Forwarded-For header incorrect sometimes when using nginx as proxy Jiri Horky
Description

Hi,

we found out that the nginx sometimes sets wrong IP addresses in "X-Forwarded-For" header. It seems to be some race condition that only triggers once per ~6000 requests in our environment. The correct field in the header should like like this:

X-Forwarded-For: 84.236.127.136

but sometimes we see this:

X-Forwarded-For: 12.13.14.15, 2.29.89.233

i.e. two IP addresses separated by coma and space. We use nginx as SSL terminator/proxy, the config file is attached. The nginx version is 1.5.6.

#316 fixed X-Accel-Redirect should accept escaped URI Sergey Kandaurov
Description

When using the X-Accel-Redirect, it fails to send some files (returning a 404) because it does not URL-decode the requested path. It does work when the file name need not be URL-decoded. The reason is that X-Accel-Redirect expected to contain non-encoded URI. In particular this makes impossible to (normally) serve resources with '?' in name, as anything after '?' is treated as query string.

Correct fix would be to change X-Accel-Redirect to accept escaped URI instead. X-Accel-Redirect value should be unescaped when it got from upstream, somewhere before ngx_http_internal_redirect() call. Probably ngx_http_parse_unsafe_uri() should be changed to unescape uri. The change of ngx_http_parse_unsafe_uri() will also positively affect dav and ssi modules. There are several patches proposed by the community [2][3].

References: [1] http://mailman.nginx.org/pipermail/nginx/2010-September/022383.html [2] http://nginx.2469901.n2.nabble.com/Bug-X-Accel-Redirect-td5510716.html [3] http://forum.nginx.org/read.php?29,221834,221834#msg-221834

6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.