From 96c2aa2b9122eb944cbd3970741db5c78a02f684 Mon Sep 17 00:00:00 2001 From: bn0ir Date: Tue, 11 Jan 2022 12:43:31 +0500 Subject: [PATCH 1/2] Fix x-forwarded-for header processing for ws connections --- proxy/http_headers.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/proxy/http_headers.go b/proxy/http_headers.go index 251b797ed..d2c6c1ac0 100644 --- a/proxy/http_headers.go +++ b/proxy/http_headers.go @@ -58,7 +58,12 @@ func addHeaders(r *http.Request, cfg config.Proxy, stripPath string) error { // http proxy which sets it. ws := r.Header.Get("Upgrade") == "websocket" if ws { - r.Header.Set("X-Forwarded-For", remoteIP) + targetHeader := []string{remoteIP} + sourceHeader := r.Header.Get("X-Forwarded-For") + if sourceHeader != "" { + targetHeader = append([]string{sourceHeader}, targetHeader...) + } + r.Header.Set("X-Forwarded-For", strings.Join(targetHeader, ",")) } // Issue #133: Setting the X-Forwarded-Proto header to From e483a1bc1474431ef98292c2bfcb5b15734db094 Mon Sep 17 00:00:00 2001 From: bn0ir Date: Sat, 16 Apr 2022 20:49:50 +0400 Subject: [PATCH 2/2] Rewrite fabio X-Forwarded-For header set for WS connections based on golang standard library code --- proxy/http_headers.go | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/proxy/http_headers.go b/proxy/http_headers.go index d2c6c1ac0..db5aa05b5 100644 --- a/proxy/http_headers.go +++ b/proxy/http_headers.go @@ -58,12 +58,18 @@ func addHeaders(r *http.Request, cfg config.Proxy, stripPath string) error { // http proxy which sets it. ws := r.Header.Get("Upgrade") == "websocket" if ws { - targetHeader := []string{remoteIP} - sourceHeader := r.Header.Get("X-Forwarded-For") - if sourceHeader != "" { - targetHeader = append([]string{sourceHeader}, targetHeader...) + clientIP := remoteIP + // If we aren't the first proxy retain prior + // X-Forwarded-For information as a comma+space + // separated list and fold multiple headers into one. + prior, ok := r.Header["X-Forwarded-For"] + omit := ok && prior == nil // Issue 38079: nil now means don't populate the header + if len(prior) > 0 { + clientIP = strings.Join(prior, ", ") + ", " + clientIP + } + if !omit { + r.Header.Set("X-Forwarded-For", clientIP) } - r.Header.Set("X-Forwarded-For", strings.Join(targetHeader, ",")) } // Issue #133: Setting the X-Forwarded-Proto header to