Skip to content

Commit

Permalink
Introduce a failing test in left-most approach
Browse files Browse the repository at this point in the history
  • Loading branch information
@nebez
nebez committed Sep 7, 2023
1 parent e009c2e commit b0028d1
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions modules/caddyhttp/server_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -329,3 +329,23 @@ func TestServer_DetermineTrustedProxy_MultipleTrustedClientHeaders(t *testing.T)
assert.True(t, trusted)
assert.Equal(t, clientIP, "1.1.1.1")
}

func TestServer_DetermineTrustedProxy_SkipTrustedPrivateHops(t *testing.T) {
localPrivatePrefix, _ := netip.ParsePrefix("10.0.0.0/8")

server := &Server{
trustedProxies: &StaticIPRange{
ranges: []netip.Prefix{localPrivatePrefix},
},
ClientIPHeaders: []string{"X-Forwarded-For"},
}

req := httptest.NewRequest("GET", "/", nil)
req.RemoteAddr = "10.0.0.1:12345"
req.Header.Set("X-Forwarded-For", "30.30.30.30, 45.54.45.54, 10.0.0.1")

trusted, clientIP := determineTrustedProxy(req, server)

assert.True(t, trusted)
assert.Equal(t, clientIP, "45.54.45.54")
}

0 comments on commit b0028d1

Please sign in to comment.