2 files changed, 29 insertions, 2 deletions

diff --git a/src/controller.c b/src/controller.c
index ced9b9ca0..29cd1b351 100644
--- a/src/controller.c
+++ b/src/controller.c
@@ -350,7 +350,7 @@ rspamd_controller_check_forwarded (struct rspamd_controller_session *session,
 {
 	const rspamd_ftok_t *hdr;
 	const gchar *comma;
-	const char *hdr_name = "X-Forwarded-For";
+	const char *hdr_name = "X-Forwarded-For", *alt_hdr_name = "X-Real-IP";
 	char ip_buf[INET6_ADDRSTRLEN + 1];
 	rspamd_inet_addr_t *addr = NULL;
 	gint ret = 0;
@@ -387,6 +387,33 @@ rspamd_controller_check_forwarded (struct rspamd_controller_session *session,
 			}
 		}
 	}
+	else {
+		/* Try also X-Real-IP */
+		hdr = rspamd_http_message_find_header (msg, alt_hdr_name);
+
+		if (hdr) {
+			if (rspamd_parse_inet_address (&addr, hdr->begin, hdr->len)) {
+				/* We have addr now, so check if it is still trusted */
+				if (ctx->secure_map &&
+						radix_find_compressed_addr (ctx->secure_map,
+								addr) != RADIX_NO_VALUE) {
+					/* rspamd_inet_address_to_string is not reentrant */
+					rspamd_strlcpy (ip_buf, rspamd_inet_address_to_string (addr),
+							sizeof (ip_buf));
+					msg_info_session ("allow unauthorized proxied connection "
+							"from a trusted IP %s via %s",
+							ip_buf,
+							rspamd_inet_address_to_string (session->from_addr));
+					ret = 1;
+				}
+				else {
+					ret = -1;
+				}
+
+				rspamd_inet_address_destroy (addr);
+			}
+		}
+	}
 
 	return ret;
 }
diff --git a/src/libstat/learn_cache/sqlite3_cache.c b/src/libstat/learn_cache/sqlite3_cache.c
index 7c5174fcf..36048455a 100644
--- a/src/libstat/learn_cache/sqlite3_cache.c
+++ b/src/libstat/learn_cache/sqlite3_cache.c
@@ -187,7 +187,7 @@ rspamd_stat_cache_sqlite3_check (struct rspamd_task *task,
 	rspamd_token_t *tok;
 	guchar *out;
 	gchar *user = NULL;
-	guint i, j;
+	guint i;
 	gint rc;
 	gint64 flag;