Arc Forum | Arc server and forwarded IP addresses

Arc Forum

1 point by kschwen 5713 days ago | 3 comments

Hey all,

I've been setting up news.arc. I've got everything humming along behind a nginx proxy, but every time I post something, it tells me it's coming from 127.0.0.1.

This wouldn't bother me a hell of a lot, but in reading the code I've noticed there are provisions to IP ban spammers, and I obviously can't have the sole IP banned. Plus, it bugs me that it's not working.

I think I've found where headers are processed in srv.arc -- in parsheader -- but I'm new to Scheme/Arc amd don't know how to get parsheader to a) recognize something like X-Real-Ip and set the IP accordingly, and b) how to even get it to read X-Real-Ip in.

Any help?

1 point by shader 5712 days ago | link

Well, right now it looks like the srv.arc code already checks for an X-Forwarded-For header. The applicable code is:

  (let proxy-header "X-Forwarded-For: "
    (def strip-header(s)
      (subst "" proxy-header s))
    (def proxy-ip(ip-wrapper lines)
      (aif (only.strip-header (car:keep [headmatch proxy-header _] lines))
          (ip-wrapper it)
          (ip-wrapper))))

This defines a proxy-ip function, which is later used to determine whether an ip is abusive or not, by returning the ip either given by sock-accept, or the X-Forwarded-For header.

It seems to me that the easiest way to support X-Real-Ip would be (presuming it's an http header) to let proxy-header be "X-Real-Ip" instead of "X-Forwarded-For". Alternatively, you could expand the functions to be able to take a list of header strings instead of just one.

-----

2 points by akkartik 5712 days ago | link

Yeah I made that change in anarki; it's not in vanilla arc. http://arclanguage.org/item?id=11199

-----

1 point by kschwen 5712 days ago | link

Awesome! I switched to your version of Arc. Judging by that diff, I'm happy you already fixed it ;).

-----