{"id":1007,"date":"2012-04-13T01:40:30","date_gmt":"2012-04-12T16:40:30","guid":{"rendered":"http:\/\/blog.xcir.net\/?p=1007"},"modified":"2012-04-13T02:43:38","modified_gmt":"2012-04-12T17:43:38","slug":"x-forwarded-for%e3%82%92acl%e3%81%a8%e7%aa%81%e3%81%8d%e5%90%88%e3%82%8f%e3%81%9b%e3%81%a6%e3%81%bf%e3%82%8b","status":"publish","type":"post","link":"https:\/\/blog.xcir.net\/?p=1007","title":{"rendered":"X-Forwarded-For\u3092ACL\u3068\u7a81\u304d\u5408\u308f\u305b\u3066\u307f\u308b\uff08Varnish\uff09"},"content":{"rendered":"

\u3061\u3087\u3063\u3068dai_yamashita\u3055\u3093\u306b\u805e\u304b\u308c\u305f\u306e\u3067\u3064\u304f\u3063\u3066\u307f\u305f\u3082\u306e\u3067\u3059\u304c\u305b\u3063\u304b\u304f\u306a\u306e\u3067\u8a18\u4e8b\u306b\u3057\u307e\u3059\u3002<\/p>\n

\u3088\u304f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306eIP\u30a2\u30c9\u30ec\u30b9\u3092ACL\u3068\u7a81\u304d\u5408\u308f\u305b\u3066\u51e6\u7406\u3092\u3059\u308b\u30fb\u3057\u306a\u3044\u3092\u3084\u308b\u304b\u3068\u601d\u3044\u307e\u3059\u304c
\n\u4e0a\u4f4d\u306b\u4ed6\u306eProxy\u304c\u3044\u308b\u306a\u3069\uff08\u305f\u3068\u3048\u3070Nginx)\u3067\u3001X-Forwarded-For\u3092ACL\u3068\u4ed8\u304d\u5408\u308f\u305b\u3066\u307f\u305f\u3044\u3068\u304d\u306f\u3069\u3046\u3059\u308c\u3070\u3088\u3044\u3067\u3057\u3087\u3046\u304b\uff1f
\n\u901a\u5e38\u306e\u65b9\u6cd5\u3067\u306f\u3067\u304d\u306a\u3044\u306e\u3067VMOD\u4f5c\u3063\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n

campur_xcir.inet_pton(ipv6\u304b\u3069\u3046\u304b , \u5909\u63db\u3057\u305f\u3044IP\u30a2\u30c9\u30ec\u30b9\u306a\u6587\u5b57\u5217 , \u5931\u6557\u3057\u305f\u5834\u5408\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u306eIP\u30a2\u30c9\u30ec\u30b9\u306a\u6587\u5b57\u5217)<\/p>\n

\n\r\nimport campur_xcir;\r\n\r\nset resp.http.v6 = campur_xcir.inet_pton(true,"2001:0db8:bd05:01d2:288a:1fc0:0001:10ee","1982:db8:20:3:1000:100:20:3");\r\nset resp.http.v4 = campur_xcir.inet_pton(false,"1.1.1.1","2.2.2.2");\r\nset resp.http.v6ng = campur_xcir.inet_pton(true,"2001:0db8:bd05:01d2:288a:1fc0:0001:10eeHOGE","1982:db8:20:3:1000:100:20:3");\/\/\u5931\u6557\u30d1\u30bf\u30f3\r\nset resp.http.v4ng = campur_xcir.inet_pton(false,"1.1.1.1HOGE","2.2.2.2");\/\/\u5931\u6557\u30d1\u30bf\u30f3\r\n\r\n\/\/\u7d50\u679c\r\nv6: 2001:db8:bd05:1d2:288a:1fc0:1:10ee\r\nv4: 1.1.1.1\r\nv6ng: 1982:db8:20:3:1000:100:20:3\r\nv4ng: 2.2.2.2\r\n\n<\/pre>\n
\u5b9f\u969b\u306f\u3053\u3093\u306a\u611f\u3058\u306e\u4f7f\u3044\u65b9\u3092\u60f3\u5b9a\u3057\u3066\u3044\u307e\u3059<\/p>\n
\n\r\nimport campur_xcir;\r\n\r\n\/\/acl\r\nacl local {\r\n    "192.168.1.0"\/24;\r\n    !"0.0.0.0";\r\n}\r\n\r\nsub vcl_recv{\r\n  if(campur_xcir.inet_pton(false , req.http.X-Forwarded-For , "0.0.0.0") ~ local){\r\n      \/\/acl ok\r\n      ...\r\n  }\r\n}\r\n\n<\/pre>\n
\u3082\u3057\u3088\u304b\u3063\u305f\u3089\u4f7f\u3063\u3066\u307f\u3066\u304f\u3060\u3055\u3044
\nlibvmod-campur_xcir<\/a><\/p>\n
\u3061\u306a\u307f\u306b\u3053\u306e\u30e2\u30b8\u30e5\u30fc\u30eb\u306f\u50d5\u304c\u8a66\u3057\u306b\u4f5c\u3063\u305f\u3082\u306e\u3092\u7a81\u3063\u8fbc\u3093\u3067\u308b\u3082\u306e\u3067\u3059
\n\u4ed6\u306b\u306fML\u3067\u8cea\u554f\u3057\u3066\u305f\u4eba\u5411\u3051\u306b\u4f5c\u3063\u305fVarnish\u306ehash\u5024\u3092\u53d6\u5f97\u3059\u308b\u3082\u306e\u3068\u304b\u304c\u5165\u3063\u3066\u307e\u3059
\n\u305f\u307e\u306b\u5897\u3048\u305f\u308a\u3059\u308b\u3068\u601d\u3044\u307e\u3059<\/p>\n
        
\u3053\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u3092\u306f\u3066\u306a\u30d6\u30c3\u30af\u30de\u30fc\u30af\u306b\u8ffd\u52a0<\/a><\/div>        
\u306f\u3066\u306a\u30d6\u30c3\u30af\u30de\u30fc\u30af - X-Forwarded-For\u3092ACL\u3068\u7a81\u304d\u5408\u308f\u305b\u3066\u307f\u308b\uff08Varnish\uff09<\/a><\/div>        
Facebook \u306b\u30b7\u30a7\u30a2<\/a><\/div>        
LinkedIn \u306b\u30b7\u30a7\u30a2<\/a><\/div>        
Tweet<\/a><\/div><\/div>\n
\n","protected":false},"excerpt":{"rendered":"
\u3061\u3087\u3063\u3068dai_yamashita\u3055\u3093\u306b\u805e\u304b\u308c\u305f\u306e\u3067\u3064\u304f\u3063\u3066\u307f\u305f\u3082\u306e\u3067\u3059\u304c\u305b\u3063\u304b\u304f\u306a\u306e\u3067\u8a18\u4e8b\u306b\u3057\u307e\u3059\u3002 \u3088\u304f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306eIP\u30a2\u30c9\u30ec\u30b9\u3092ACL\u3068\u7a81\u304d\u5408\u308f\u305b\u3066\u51e6\u7406\u3092\u3059\u308b\u30fb\u3057\u306a\u3044\u3092\u3084\u308b\u304b\u3068\u601d\u3044\u307e\u3059\u304c \u4e0a\u4f4d\u306b\u4ed6\u306eProxy\u304c\u3044 […]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[5,34,40],"class_list":["post-1007","post","type-post","status-publish","format-standard","hentry","category-3","tag-varnish","tag-vmod","tag-vmod_campur_xcir","category-3-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts\/1007","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1007"}],"version-history":[{"count":7,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts\/1007\/revisions"}],"predecessor-version":[{"id":1018,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts\/1007\/revisions\/1018"}],"wp:attachment":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}