From d30869d0c96019b6f8858aeee945d730e32f2413 Mon Sep 17 00:00:00 2001 From: xiongziliang <771730766@qq.com> Date: Sat, 18 Jun 2022 22:10:46 +0800 Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E8=8E=B7=E5=8F=96http?= =?UTF-8?q?=E5=8F=8D=E5=90=91=E4=BB=A3=E7=90=86=E7=9C=9F=E5=AE=9E=E5=AE=A2?= =?UTF-8?q?=E6=88=B7=E7=AB=AFip:=20#1388?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/config.ini | 5 ++++- src/Common/config.cpp | 2 ++ src/Common/config.h | 2 ++ src/Http/HttpSession.cpp | 5 +++++ src/Http/HttpSession.h | 3 +++ 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/conf/config.ini b/conf/config.ini index e836a124..49533769 100644 --- a/conf/config.ini +++ b/conf/config.ini @@ -204,10 +204,13 @@ dirMenu=1 #访问 http://127.0.0.1/app_b/file_b 对应的文件路径为 /path/to/b/file_b #访问其他http路径,对应的文件路径还是在rootPath内 virtualPath= -#禁止后缀的文件缓存,使用“,”隔开 +#禁止后缀的文件使用mmap缓存,使用“,”隔开 #例如赋值为 .mp4,.flv #那么访问后缀为.mp4与.flv 的文件不缓存 forbidCacheSuffix= +#可以把http代理前真实客户端ip放在http头中:https://github.com/ZLMediaKit/ZLMediaKit/issues/1388 +#切勿暴露此key,否则可能导致伪造客户端ip +forwarded_ip_header= [multicast] #rtp组播截止组播ip地址 diff --git a/src/Common/config.cpp b/src/Common/config.cpp index ae1593bf..1b775141 100644 --- a/src/Common/config.cpp +++ b/src/Common/config.cpp @@ -124,6 +124,7 @@ const string kVirtualPath = HTTP_FIELD "virtualPath"; const string kNotFound = HTTP_FIELD "notFound"; const string kDirMenu = HTTP_FIELD "dirMenu"; const string kForbidCacheSuffix = HTTP_FIELD "forbidCacheSuffix"; +const string kForwardedIpHeader = HTTP_FIELD "forwarded_ip_header"; static onceToken token([]() { mINI::Instance()[kSendBufSize] = 64 * 1024; @@ -150,6 +151,7 @@ static onceToken token([]() { "" << endl; mINI::Instance()[kForbidCacheSuffix] = ""; + mINI::Instance()[kForwardedIpHeader] = ""; }); } // namespace Http diff --git a/src/Common/config.h b/src/Common/config.h index ad87247e..787a1fe2 100644 --- a/src/Common/config.h +++ b/src/Common/config.h @@ -223,6 +223,8 @@ extern const std::string kNotFound; extern const std::string kDirMenu; // 禁止缓存文件的后缀 extern const std::string kForbidCacheSuffix; +// 可以把http代理前真实客户端ip放在http头中:https://github.com/ZLMediaKit/ZLMediaKit/issues/1388 +extern const std::string kForwardedIpHeader; } // namespace Http ////////////SHELL配置/////////// diff --git a/src/Http/HttpSession.cpp b/src/Http/HttpSession.cpp index 6b9b7972..c90544b3 100644 --- a/src/Http/HttpSession.cpp +++ b/src/Http/HttpSession.cpp @@ -670,6 +670,11 @@ bool HttpSession::emitHttpEvent(bool doInvoke){ return consumed; } +std::string HttpSession::get_peer_ip() { + GET_CONFIG(string, forwarded_ip_header, Http::kForwardedIpHeader); + return forwarded_ip_header.empty() ? TcpSession::get_peer_ip() : _parser.getHeader()[forwarded_ip_header]; +} + void HttpSession::Handle_Req_POST(ssize_t &content_len) { GET_CONFIG(size_t,maxReqSize,Http::kMaxReqSize); diff --git a/src/Http/HttpSession.h b/src/Http/HttpSession.h index d78dcdc4..6f5bebdf 100644 --- a/src/Http/HttpSession.h +++ b/src/Http/HttpSession.h @@ -97,6 +97,9 @@ protected: */ void onWebSocketDecodeComplete(const WebSocketHeader &header_in) override; + //重载获取客户端ip + std::string get_peer_ip() override; + private: void Handle_Req_GET(ssize_t &content_len); void Handle_Req_GET_l(ssize_t &content_len, bool sendBody);