-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implements --real-client-ip-header option. #503
Implements --real-client-ip-header option. #503
Conversation
* The -real-client-ip-header determines what HTTP header is used for determining the "real client IP" of the remote client. * The -real-client-ip-header option supports the following headers: X-Forwarded-For X-ProxyUser-IP and X-Real-IP (default). * Introduces new realClientIPParser interface to allow for multiple polymorphic classes to decide how to determine the real client IP. * TODO: implement the more standard, but more complex `Forwarded` HTTP header.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Izzette Thanks for re-doing this PR, I like the way this is done more now than before :) Added a few comments, if you could take a look, that'd be great!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a couple of minor suggestions, but otherwise looks good
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
* Simplify the language around dependance on -reverse-proxy Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
Jumping in a bit late, but if you're adding support for all these, might be worth adding Forwarded support too since that's the most recent standard. |
It's already noted as a TODO in the initial description, but because the specification of the forwarded header is more complex and my implementation is type-polymorphic I'm choosing the leave this out of this PR. It can be included in another PR after this one is merged. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bar the one outstanding comment re getClient
vs getClientFunc
I think I'm happy with this
@steakunderscore @JoelSpeed, are we all happy, should we merge this? |
Co-authored-by: Isabelle COWAN-BERGMAN <Izzette@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for all your work on this @Izzette, apologies it's taken so long to get it in
also remove the recently-added --xheaders option (it was never in a release), in favor of disabling trust of the X-Real-IP header by setting the new real-client-ip-header option to a blank/empty string inspired by oauth2-proxy/oauth2-proxy#503
also remove the recently-added --xheaders option (it was never in a release), in favor of disabling trust of the X-Real-IP header by setting the new real-client-ip-header option to a blank/empty string inspired by oauth2-proxy/oauth2-proxy#503
also remove the recently-added --xheaders option, in favor of disabling trust of the X-Real-IP header by setting the real-client-ip-header option to a blank/empty string inspired by oauth2-proxy/oauth2-proxy#503
also remove the recently-added --xheaders option, in favor of disabling trust of the X-Real-IP header by setting the real-client-ip-header option to a blank/empty string inspired by oauth2-proxy/oauth2-proxy#503
Description
determining the "real client IP" of the remote client.
X-Forwarded-For X-ProxyUser-IP and X-Real-IP (default).
polymorphic classes to decide how to determine the real client IP.
Forwarded
HTTPheader.
Motivation and Context
X-Real-IP
for logging.How Has This Been Tested?
Checklist:
Fixes #424