Skip to content

Commit

Permalink
[Bugfix] Nginx Parser: http_x_forwarded_for can contain multiple IP d…
Browse files Browse the repository at this point in the history
…ivided by comma

Signed-off-by: Konstantin Grachev <[email protected]>
  • Loading branch information
grachevko committed Nov 25, 2018
1 parent 0751902 commit 0f7e7e5
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/fluent/plugin/parser_nginx.rb
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ module Plugin
class NginxParser < RegexpParser
Plugin.register_parser("nginx", self)

config_set_default :expression, /^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)"(?:\s+(?<http_x_forwarded_for>[^ ]+))?)?$/
config_set_default :expression, /^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)"(?:\s+\"?(?<http_x_forwarded_for>[^\"]*)\"?)?)?$/
config_set_default :time_format, "%d/%b/%Y:%H:%M:%S %z"
end
end
Expand Down
20 changes: 20 additions & 0 deletions test/plugin/test_parser_nginx.rb
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,18 @@ def setup
'agent' => 'Opera/12.0',
'http_x_forwarded_for' => '-'
}
@expected_extended_multiple_ip = {
'remote' => '127.0.0.1',
'host' => '192.168.0.1',
'user' => '-',
'method' => 'GET',
'path' => '/',
'code' => '200',
'size' => '777',
'referer' => '-',
'agent' => 'Opera/12.0',
'http_x_forwarded_for' => '127.0.0.1, 192.168.0.1'
}
end

def create_driver
Expand Down Expand Up @@ -65,4 +77,12 @@ def test_parse_with_http_x_forwarded_for
assert_equal(@expected_extended, record)
}
end

def test_parse_with_http_x_forwarded_for_multiple_ip
d = create_driver
d.instance.parse('127.0.0.1 192.168.0.1 - [28/Feb/2013:12:00:00 +0900] "GET / HTTP/1.1" 200 777 "-" "Opera/12.0" "127.0.0.1, 192.168.0.1"') { |time, record|
assert_equal(event_time('28/Feb/2013:12:00:00 +0900', format: '%d/%b/%Y:%H:%M:%S %z'), time)
assert_equal(@expected_extended_multiple_ip, record)
}
end
end

0 comments on commit 0f7e7e5

Please sign in to comment.