You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/05/07 03:03:05 UTC
[GitHub] [apisix] spacewander commented on a diff in pull request #6988: feat(real-ip): support search recursive
spacewander commented on code in PR #6988:
URL: https://github.com/apache/apisix/pull/6988#discussion_r867293987
##########
apisix/plugins/real-ip.lua:
##########
@@ -84,6 +104,22 @@ local function get_addr(conf, ctx)
return addrs
end
+ if conf.recursive and conf.trusted_addresses then
+ local split_addrs = {}
+ local match_itr = str_gmatch(addrs, "[^,%s*]+")
+ for itr in match_itr do
+ tb_insert(split_addrs, itr)
+ end
+
+ for i = #split_addrs, 1, -1 do
Review Comment:
```suggestion
for i = #split_addrs, 2, -1 do
```
We don't care if the first one can be trusted.
##########
docs/en/latest/plugins/real-ip.md:
##########
@@ -41,10 +41,11 @@ This Plugin requires APISIX to run on [APISIX-OpenResty](../how-to-build.md#step
## Attributes
-| Name | Type | Required | Valid values | Description |
-|-------------------|---------------|----------|-----------------------------------------------------------------|-----------------------------------------------------------------------------------|
-| source | string | True | Any Nginx variable like `arg_realip` or `http_x_forwarded_for`. | Dynamically sets the client's IP address and an optional port from APISIX's view. |
-| trusted_addresses | array[string] | False | List of IPs or CIDR ranges. | Dynamically sets the `set_real_ip_from` field. |
+| Name | Type | Required | Valid values | Description |
+|-------------------|---------------|----------|-----------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| source | string | True | Any Nginx variable like `arg_realip` or `http_x_forwarded_for`. | Dynamically sets the client's IP address and an optional port from APISIX's view. |
+| trusted_addresses | array[string] | False | List of IPs or CIDR ranges. | Dynamically sets the `set_real_ip_from` field. |
+| recursive | boolean | False | True to enable, false to disable, default is false | If recursive search is disabled, the original client address that matches one of the trusted addresses is replaced by the last address sent in the request header field defined by the real_ip_header directive. If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. |
Review Comment:
```suggestion
| recursive | boolean | False | True to enable, false to disable, default is false | If recursive search is disabled, the original client address that matches one of the trusted addresses is replaced by the last address sent in the configured `source`. If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the configured `source`. |
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org