-
Notifications
You must be signed in to change notification settings - Fork 616
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
X-Forwarded-For doesn't seem to be working correctly #828
Comments
Hi Robert, Thank you for the report. The HTTP header code hasn't changed in quite a while. Setting Lines 43 to 50 in 81ed7aa
The Lines 94 to 114 in 81ed7aa
The one condition where we might replace an upstream Lines 59 to 62 in 81ed7aa
The only other handling of the https://golang.org/pkg/net/http/httputil/#ReverseProxy If you have more information of a case with full headers I'd be happy to take a further look. |
Hi :) Where you say setting What I start with, before a request passes through Fabio, is a correctly filled All I really want to know is the original source IP address so I'm not really bothered how this is achieved but at the moment neither of the headers are giving me the info I need. When you say you'd like full headers, could you be a bit more specific? I'm pulling these from the wire using tcpdump so I'll need to target the headers you want to see. |
I'm saying that setting We look for and modify the If the upstream |
Hi :) I wonder whether the problem might be that the string value of I really appreciate your help and offer of some testing. If there's anything more I can provide please let me know and I'll do what I can :) |
I'm struggling with the Forwarded and X-Forwarded-For headers on http traffic passing through Fabio.
Our Fabio instances sit behind a Cloudflare style WAF/LB setup and I can see, via tcpdump, that this setup is correctly passing X-Forwarded-For headers. However, traffic passing through Fabio seems to drop all that info and the only entry in the X-Forwarded-For (and Forwarded) headers is the IP address of the WAF/LB.
For instance:
With a client IP of 1.2.3.4
and a WAF IP of 5.6.7.8
and a Fabio IP of 9.9.9.9
I see the following using tcpdump from the WAF:
X-Forwarded-For: 1.2.3.4
X-Forwarded-Proto: https
I see the following using tcpdump coming from Fabio:
X-Forwarded-For: 5.6.7.8
X-Forwarded-Proto: https
Forwarded: for=5.6.7.8; proto=https; by=9.9.9.9; httpproto=http/2.0;
I would expect instead to see:
X-Forwarded-For: 5.6.7.8, 1.2.3.4
X-Forwarded-Proto: https
Forwarded: for=1.2.3.4; proto=https; by=9.9.9.9, by=5.6.7.8, httpproto=http/2.0;
I've tried leaving
proxy.header.clientip
blank and also setting it to 'X-Forwarded-For'. Looking at the go http source code I would have expected a blank value to equate to the behaviour I'm seeing and 'X-Forwarded-For' to correctly retain and extend the X-Forwarded-For header. But this is not what I'm seeing.Anyone got any ideas?
The text was updated successfully, but these errors were encountered: