113 lines
3.4 KiB
Bash
Executable File
113 lines
3.4 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
if [ "${NGX_HTTP}" = 0 ] ; then
|
|
unset NGX_HTTP_TRANSPARENT_PROXY NGX_HTTP_FAKE_UA NGX_HTTP_FORWARDED NGX_HTTP_X_FORWARDED NGX_HTTP_X_REAL_IP
|
|
else
|
|
unset _NGX_HTTP_FAKE_UA _NGX_HTTP_FORWARDED _NGX_HTTP_X_FORWARDED _NGX_HTTP_X_REAL_IP
|
|
## here should be SANE defaults (!)
|
|
_NGX_HTTP_FAKE_UA='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36'
|
|
_NGX_HTTP_FORWARDED=pass
|
|
_NGX_HTTP_X_FORWARDED=pass
|
|
_NGX_HTTP_X_REAL_IP=pass
|
|
|
|
NGX_HTTP_TRANSPARENT_PROXY=$(gobool_to_int "${NGX_HTTP_TRANSPARENT_PROXY:-0}" 0)
|
|
export NGX_HTTP_TRANSPARENT_PROXY
|
|
|
|
[ -n "${NGX_HTTP_FAKE_UA:-}" ] || NGX_HTTP_FAKE_UA=${_NGX_HTTP_FAKE_UA}
|
|
export NGX_HTTP_FAKE_UA
|
|
|
|
if [ -n "${NGX_HTTP_FORWARDED:-}" ] ; then
|
|
NGX_HTTP_FORWARDED=$(printf '%s' "${NGX_HTTP_FORWARDED}" | tr '[:upper:]' '[:lower:]')
|
|
fi
|
|
if [ -n "${NGX_HTTP_X_FORWARDED:-}" ] ; then
|
|
NGX_HTTP_X_FORWARDED=$(printf '%s' "${NGX_HTTP_X_FORWARDED}" | tr '[:upper:]' '[:lower:]')
|
|
fi
|
|
if [ -n "${NGX_HTTP_X_REAL_IP:-}" ] ; then
|
|
NGX_HTTP_X_REAL_IP=$(printf '%s' "${NGX_HTTP_X_REAL_IP}" | tr '[:upper:]' '[:lower:]')
|
|
fi
|
|
|
|
if [ "${NGX_HTTP_TRANSPARENT_PROXY}" = 1 ] ; then
|
|
if [ -n "${NGX_HTTP_FORWARDED:-}" ] ; then
|
|
log_always "NGX_HTTP_FORWARDED: overridden to 'remove' due to NGX_HTTP_TRANSPARENT_PROXY=1"
|
|
fi
|
|
NGX_HTTP_FORWARDED=remove
|
|
|
|
if [ -n "${NGX_HTTP_X_FORWARDED:-}" ] ; then
|
|
log_always "NGX_HTTP_X_FORWARDED: overridden to 'remove' due to NGX_HTTP_TRANSPARENT_PROXY=1"
|
|
fi
|
|
NGX_HTTP_X_FORWARDED=remove
|
|
|
|
if [ -n "${NGX_HTTP_X_REAL_IP:-}" ] ; then
|
|
log_always "NGX_HTTP_X_REAL_IP: overridden to 'remove' due to NGX_HTTP_TRANSPARENT_PROXY=1"
|
|
fi
|
|
NGX_HTTP_X_REAL_IP=remove
|
|
else
|
|
if [ -z "${NGX_HTTP_FORWARDED:-}" ] ; then
|
|
NGX_HTTP_FORWARDED=${_NGX_HTTP_FORWARDED}
|
|
fi
|
|
case "${NGX_HTTP_FORWARDED}" in
|
|
pass | remove ) ;;
|
|
* )
|
|
unset x
|
|
x=$(gobool_to_int "${NGX_HTTP_FORWARDED}")
|
|
case "$x" in
|
|
0 ) NGX_HTTP_FORWARDED=remove ;;
|
|
1 ) NGX_HTTP_FORWARDED=pass ;;
|
|
* )
|
|
log_always "NGX_HTTP_FORWARDED: unrecognized value: ${NGX_HTTP_FORWARDED}"
|
|
log_always "setting NGX_HTTP_FORWARDED=${_NGX_HTTP_FORWARDED}"
|
|
NGX_HTTP_FORWARDED=${_NGX_HTTP_FORWARDED}
|
|
;;
|
|
esac
|
|
unset x
|
|
;;
|
|
esac
|
|
|
|
if [ -z "${NGX_HTTP_X_FORWARDED:-}" ] ; then
|
|
NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}
|
|
fi
|
|
case "${NGX_HTTP_X_FORWARDED}" in
|
|
pass | remove ) ;;
|
|
* )
|
|
unset x
|
|
x=$(gobool_to_int "${NGX_HTTP_X_FORWARDED}")
|
|
case "$x" in
|
|
0 ) NGX_HTTP_X_FORWARDED=remove ;;
|
|
1 ) NGX_HTTP_X_FORWARDED=pass ;;
|
|
* )
|
|
log_always "NGX_HTTP_X_FORWARDED: unrecognized value: ${NGX_HTTP_X_FORWARDED}"
|
|
log_always "setting NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}"
|
|
NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}
|
|
;;
|
|
esac
|
|
unset x
|
|
;;
|
|
esac
|
|
|
|
if [ -z "${NGX_HTTP_X_REAL_IP:-}" ] ; then
|
|
NGX_HTTP_X_REAL_IP=${_NGX_HTTP_X_REAL_IP}
|
|
fi
|
|
case "${NGX_HTTP_X_REAL_IP}" in
|
|
pass | remove ) ;;
|
|
* )
|
|
unset x
|
|
x=$(gobool_to_int "${NGX_HTTP_X_REAL_IP}")
|
|
case "$x" in
|
|
0 ) NGX_HTTP_X_REAL_IP=remove ;;
|
|
1 ) NGX_HTTP_X_REAL_IP=pass ;;
|
|
* )
|
|
log_always "NGX_HTTP_X_REAL_IP: unrecognized value: ${NGX_HTTP_X_REAL_IP}"
|
|
log_always "setting NGX_HTTP_X_REAL_IP=${_NGX_HTTP_X_REAL_IP}"
|
|
NGX_HTTP_X_REAL_IP=${_NGX_HTTP_X_REAL_IP}
|
|
;;
|
|
esac
|
|
unset x
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
export NGX_HTTP_FORWARDED NGX_HTTP_X_FORWARDED NGX_HTTP_X_REAL_IP
|
|
|
|
unset _NGX_HTTP_FAKE_UA _NGX_HTTP_FORWARDED _NGX_HTTP_X_FORWARDED _NGX_HTTP_X_REAL_IP
|
|
fi
|