From 09c684b2d53b46b6ffb706c686ca4dbed62cf6da Mon Sep 17 00:00:00 2001
From: Igor Sysoev <igor@sysoev.ru>
Date: Wed, 9 Nov 2005 17:25:55 +0000
Subject: nginx-0.3.8-RELEASE import

    *) Security: nginx now checks URI got from a backend in
       "X-Accel-Redirect" header line or in SSI file for the "/../" paths
       and zeroes.

    *) Change: nginx now does not treat the empty user name in the
       "Authorization" header line as valid one.

    *) Feature: the "ssl_session_timeout" directives of the
       ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Feature: the "auth_http_header" directive of the
       ngx_imap_auth_http_module.

    *) Feature: the "add_header" directive.

    *) Feature: the ngx_http_realip_module.

    *) Feature: the new variables to use in the "log_format" directive:
       $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
       $request_time, $request_length, $upstream_status,
       $upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
       $connection, $pipe, and $msec. The parameters in the "%name" form
       will be canceled soon.

    *) Change: now the false variable values in the "if" directive are the
       empty string "" and string starting with "0".

    *) Bugfix: while using proxied or FastCGI-server nginx may leave
       connections and temporary files with client requests in open state.

    *) Bugfix: the worker processes did not flush the buffered logs on
       graceful exit.

    *) Bugfix: if the request URI was changes by the "rewrite" directive
       and the request was proxied in location given by regular expression,
       then the incorrect request was transferred to backend; the bug had
       appeared in 0.2.6.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" header.

    *) Bugfix: nginx may stop to accept requests if the "rtsig" method and
       several worker processes were used.

    *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
       SSI commands.

    *) Bugfix: if the response was ended just after the SSI command and
       gzipping was used, then the response did not transferred complete or
       did not transferred at all.
---
 src/http/ngx_http_request.c | 45 ++++++++++++++++++++++++++++++---------------
 1 file changed, 30 insertions(+), 15 deletions(-)

(limited to 'src/http/ngx_http_request.c')

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 82f69c8d0..ef5a45f56 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -112,12 +112,18 @@ ngx_http_header_t  ngx_http_headers_in[] = {
     { ngx_string("Keep-Alive"), offsetof(ngx_http_headers_in_t, keep_alive),
                  ngx_http_process_header_line },
 
-#if (NGX_HTTP_PROXY)
+#if (NGX_HTTP_PROXY || NGX_HTTP_REALIP)
     { ngx_string("X-Forwarded-For"),
                  offsetof(ngx_http_headers_in_t, x_forwarded_for),
                  ngx_http_process_header_line },
 #endif
 
+#if (NGX_HTTP_REALIP)
+    { ngx_string("X-Real-IP"),
+                 offsetof(ngx_http_headers_in_t, x_real_ip),
+                 ngx_http_process_header_line },
+#endif
+
 #if (NGX_HTTP_HEADERS)
     { ngx_string("Accept"), offsetof(ngx_http_headers_in_t, accept),
                  ngx_http_process_header_line },
@@ -190,20 +196,21 @@ ngx_http_init_connection(ngx_connection_t *c)
 static
 void ngx_http_init_request(ngx_event_t *rev)
 {
-    ngx_uint_t                 i;
-    socklen_t                  len;
-    struct sockaddr_in         sin;
-    ngx_connection_t          *c;
-    ngx_http_request_t        *r;
-    ngx_http_in_port_t        *in_port;
-    ngx_http_in_addr_t        *in_addr;
-    ngx_http_log_ctx_t        *ctx;
-    ngx_http_connection_t     *hc;
-    ngx_http_server_name_t    *server_name;
-    ngx_http_core_srv_conf_t  *cscf;
-    ngx_http_core_loc_conf_t  *clcf;
+    ngx_uint_t                  i;
+    socklen_t                   len;
+    struct sockaddr_in          sin;
+    ngx_connection_t           *c;
+    ngx_http_request_t         *r;
+    ngx_http_in_port_t         *in_port;
+    ngx_http_in_addr_t         *in_addr;
+    ngx_http_log_ctx_t         *ctx;
+    ngx_http_connection_t      *hc;
+    ngx_http_server_name_t     *server_name;
+    ngx_http_core_srv_conf_t   *cscf;
+    ngx_http_core_loc_conf_t   *clcf;
+    ngx_http_core_main_conf_t  *cmcf;
 #if (NGX_HTTP_SSL)
-    ngx_http_ssl_srv_conf_t   *sscf;
+    ngx_http_ssl_srv_conf_t    *sscf;
 #endif
 
 #if (NGX_STAT_STUB)
@@ -377,13 +384,21 @@ void ngx_http_init_request(ngx_event_t *rev)
         return;
     }
 
-
     r->ctx = ngx_pcalloc(r->pool, sizeof(void *) * ngx_http_max_module);
     if (r->ctx == NULL) {
         ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
         return;
     }
 
+    cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);
+
+    r->variables = ngx_pcalloc(r->pool, cmcf->variables.nelts
+                                        * sizeof(ngx_http_variable_value_t));
+    if (r->variables == NULL) {
+        ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+        return;
+    }
+
     c->single_connection = 1;
     r->connection = c;
 
-- 
cgit v1.2.3