nginx.git, branch release-1.3.0 nginx nginx-1.3.0-RELEASE 2012-05-15T14:23:49+00:00 Maxim Dounin mdounin@mdounin.ru 2012-05-15T14:23:49+00:00 479e06d88b14ea2b4512545825ccce48ca7ec028 






Updated OpenSSL used for win32 builds.
2012-05-15T14:20:06+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-05-15T14:20:06+00:00

07c178491cf53b2247e8d1c1bb594a564c566494












Fixed win32 build after changes in r4624.
2012-05-15T08:10:59+00:00

Ruslan Ermilov
ru@nginx.com

2012-05-15T08:10:59+00:00

e3bb319e34785fb5b9287888988166b6199f0746












Update c->sent in ngx_ssl_send_chain() even if SSL buffer is not used.
2012-05-14T16:30:33+00:00

Valentin Bartenev
vbart@nginx.com

2012-05-14T16:30:33+00:00

0215fcc9b8c6fa288ec2e445121cb0e092d79428












Reverted previous attempt to fix complation warning introduced in
2012-05-14T15:52:37+00:00

Ruslan Ermilov
ru@nginx.com

2012-05-14T15:52:37+00:00

9a79c3431afd57cb8280af41a33d173d53c95394

r4624 and actually fixed it.





r4624 and actually fixed it.







geoip: trusted proxies support and partial IPv6 support.
2012-05-14T14:00:17+00:00

Ruslan Ermilov
ru@nginx.com

2012-05-14T14:00:17+00:00

d4ba06c31a09fd82a1a2b8046384b6c136df0aae

The module now supports recursive search of client address through the
chain of trusted proxies (closes #100), in the same scope as the geo
module.  Proxies are listed by the "geoip_proxy" directive, recursive
search is enabled by the "geoip_proxy_recursive" directive.  IPv6 is
partially supported: proxies may be specified with IPv6 addresses.

Example:
    geoip_country .../GeoIP.dat;
    geoip_proxy 127.0.0.1;
    geoip_proxy ::1;
    geoip_proxy 10.0.0.0/8;
    geoip_proxy_recursive on;





The module now supports recursive search of client address through the
chain of trusted proxies (closes #100), in the same scope as the geo
module.  Proxies are listed by the "geoip_proxy" directive, recursive
search is enabled by the "geoip_proxy_recursive" directive.  IPv6 is
partially supported: proxies may be specified with IPv6 addresses.

Example:
    geoip_country .../GeoIP.dat;
    geoip_proxy 127.0.0.1;
    geoip_proxy ::1;
    geoip_proxy 10.0.0.0/8;
    geoip_proxy_recursive on;







geo: chains of trusted proxies and partial IPv6 support.
2012-05-14T13:53:22+00:00

Ruslan Ermilov
ru@nginx.com

2012-05-14T13:53:22+00:00

69521ddebf3562751ffd792b3eb4f356ae6d8ed6

The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "proxy_recursive"
directive in the "geo" block.  It also gets partial IPv6 support:
now proxies may be specified with IPv6 addresses.

Example:
    geo $test {
        ...
        proxy 127.0.0.1;
        proxy ::1;
        proxy_recursive;
    }

There's also a slight change in behavior.  When original client
address (as specified by the "geo" directive) is one of the
trusted proxies, and the value of the X-Forwarded-For request
header cannot not be parsed as a valid address, an original client
address will be used for lookup.  Previously, 255.255.255.255 was
used in this case.





The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "proxy_recursive"
directive in the "geo" block.  It also gets partial IPv6 support:
now proxies may be specified with IPv6 addresses.

Example:
    geo $test {
        ...
        proxy 127.0.0.1;
        proxy ::1;
        proxy_recursive;
    }

There's also a slight change in behavior.  When original client
address (as specified by the "geo" directive) is one of the
trusted proxies, and the value of the X-Forwarded-For request
header cannot not be parsed as a valid address, an original client
address will be used for lookup.  Previously, 255.255.255.255 was
used in this case.







Fixed compilation warning introduced in r4624.
2012-05-14T13:15:22+00:00

Ruslan Ermilov
ru@nginx.com

2012-05-14T13:15:22+00:00

11a8e26d29d6f6837f4c365766ebb2ec94efc428












realip: chains of trusted proxies and IPv6 support.
2012-05-14T12:41:03+00:00

Ruslan Ermilov
ru@nginx.com

2012-05-14T12:41:03+00:00

7627530b50adb81252f7924d3751e00f65601874

The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "real_ip_recursive"
directive (closes #2).  It also gets full IPv6 support (closes #44)
and canonical value of the $client_addr variable on address change.

Example:
    real_ip_header X-Forwarded-For;
    set_real_ip_from 127.0.0.0/8;
    set_real_ip_from ::1;
    set_real_ip_from unix:;
    real_ip_recursive on;





The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "real_ip_recursive"
directive (closes #2).  It also gets full IPv6 support (closes #44)
and canonical value of the $client_addr variable on address change.

Example:
    real_ip_header X-Forwarded-For;
    set_real_ip_from 127.0.0.0/8;
    set_real_ip_from ::1;
    set_real_ip_from unix:;
    real_ip_recursive on;







New function ngx_http_get_forwarded_addr() to look up real client address.
2012-05-14T12:27:41+00:00

Ruslan Ermilov
ru@nginx.com

2012-05-14T12:27:41+00:00

8e5dc474e5d848924c407c091199a97832bcd0ed

On input it takes an original address, string in the X-Forwarded-For format
and its length, list of trusted proxies, and a flag indicating to perform
the recursive search.  On output it returns NGX_OK and the "deepest" valid
address in a chain, or NGX_DECLINED.  It supports AF_INET and AF_INET6.
Additionally, original address and/or proxy may be specified as AF_UNIX.





On input it takes an original address, string in the X-Forwarded-For format
and its length, list of trusted proxies, and a flag indicating to perform
the recursive search.  On output it returns NGX_OK and the "deepest" valid
address in a chain, or NGX_DECLINED.  It supports AF_INET and AF_INET6.
Additionally, original address and/or proxy may be specified as AF_UNIX.