[Libwebsockets] [EXTERNAL]: Re: WS Real client IP address

Bertin, Stephane stephane.bertin at Wabtec.com
Wed May 15 13:59:50 CEST 2019


I understand the concept.
Now it's working with your solution !


Thanks a lot

Stéphane BERTIN
​
FAIVELEY TRANSPORT TOURS​,
​Access & Mobility Group​
ZI des Yvaudières
BP 149 - 75 avenue Yves Farge
37701 Saint Pierre des Corps Cedex
Tél. : +33 (0)2 47 32 53 18
Email : stephane.bertin at wabtec.com

-----Message d'origine-----
De : Andy Green <andy at warmcat.com>
Envoyé : mercredi 15 mai 2019 12:53
À : libwebsockets at ml.libwebsockets.org; Bertin, Stephane <stephane.bertin at Wabtec.com>; libwebsockets at ml.libwebsockets.org
Objet : [EXTERNAL]: Re: [Libwebsockets] WS Real client IP address



On May 15, 2019 11:42:56 AM GMT+01:00, "Bertin, Stephane" <stephane.bertin at Wabtec.com> wrote:
>Dear all,
>
>I try to get the real websocket client IP address connected to my
>libwebsockets WS server.
>My WS server is behind a NGINX server.
>
>The Client IP address is always 127.0.0.1 whereas the HTTP header is
>correctly filled (between NGINX and WS):

Mmm the 'correct' address for the peer is 127.0.0.1 from lws perspective.

The peer connected to nginx... nginx opened a completely separate connection to lws from the same box.  So it's correct to say what it does.

You can get what you want by ....

>Received 593 bytes from the socket
>00000000  47 45 54 20  2F 77 73 2F  20 48 54 54  50 2F 31 2E  GET /ws/
>HTTP/1.
>00000010  31 0D 0A 78  2D 72 65 61  6C 2D 69 70  3A 20 31 39
>1..x-real-ip: 19
>00000020  32 2E 31 36  38 2E 30 2E  32 0D 0A 48  6F 73 74 3A
>2.168.0.2..Host:
>00000030  20 31 39 32  2E 31 36 38  2E 30 2E 31  0D 0A 78 2D
>192.168.0.1..x-
>00000040  66 6F 72 77  61 72 64 65  64 2D 66 6F  72 3A 20 31
>forwarded-for: 1
>00000050  39 32 2E 31  36 38 2E 30  2E 32 0D 0A  55 70 67 72
>92.168.0.2..Upgr

... recovering this header sent by nginx using

https://urldefense.proofpoint.com/v2/url?u=https-3A__libwebsockets.org_git_libwebsockets_tree_include_libwebsockets_lws-2Dhttp.h-23n371-2D386&d=DwIFaQ&c=pG3N8eJDEvizGbIy8hw-0w&r=7csNe7g_FfDHtZiOmqfRFgrHPjDS7AG-RlM6Hr6mRRI&m=MsD2dPxET6Yz1q_UnMx1sagPjzQGC0APSeVFqpLLR0Y&s=gitxYBD9iG9QmcQyJ6PQ2qK35Mzgxc0F7vzmWrVF2QA&e=

with lws header index

WSI_TOKEN_X_FORWARDED_FOR

-Andy

>00000060  61 64 65 3A  20 77 65 62  73 6F 63 6B  65 74 0D 0A  ade:
>websocket..
>00000070  43 6F 6E 6E  65 63 74 69  6F 6E 3A 20  75 70 67 72
>Connection: upgr
>00000080  61 64 65 0D  0A 50 72 61  67 6D 61 3A  20 6E 6F 2D
>ade..Pragma: no-
>00000090  63 61 63 68  65 0D 0A 43  61 63 68 65  2D 43 6F 6E
>cache..Cache-Con
>000000A0  74 72 6F 6C  3A 20 6E 6F  2D 63 61 63  68 65 0D 0A  trol:
>no-cache..
>
>I use the API lws_get_peer_addresses to get the client IP during
>LWS_CALLBACK_FILTER_NETWORK_CONNECTION event.
>
>Can anybody help me ?
>
>
>Stéphane BERTIN
>>FAIVELEY TRANSPORT TOURS​,
>​Access & Mobility Group​
>ZI des Yvaudières
>BP 149 - 75 avenue Yves Farge
>37701 Saint Pierre des Corps Cedex
>Tél. : +33 (0)2 47 32 53 18
>Email : stephane.bertin at wabtec.com
>
>This email and any attachments are only for use by the intended
>recipient(s) and may contain legally privileged, confidential,
>proprietary or otherwise private information. Any unauthorized use,
>reproduction, dissemination, distribution or other disclosure of the
>contents of this e-mail or its attachments is strictly prohibited. If
>you have received this email in error, please notify the sender
>immediately and delete the original. Neither this information block,
>the typed name of the sender, nor anything else in this message is
>intended to constitute an electronic signature unless a specific
>statement to the contrary is included in this message.
This email and any attachments are only for use by the intended recipient(s) and may contain legally privileged, confidential, proprietary or otherwise private information. Any unauthorized use, reproduction, dissemination, distribution or other disclosure of the contents of this e-mail or its attachments is strictly prohibited. If you have received this email in error, please notify the sender immediately and delete the original. Neither this information block, the typed name of the sender, nor anything else in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.


More information about the Libwebsockets mailing list