Respect RFC 7239 (Forwarded header), X-Forwarded-For, and/or X-Real-IP
#8193
Comments
TheDiscordian
added
the
kind/enhancement
|
Given that you're saying However, I guess we could add a config option to trust certain proxies. We'd need to:
|
Stebalien
added
effort/days
|
linked to: libp2p/go-libp2p#1437 |
|
Would it be possible to incorporate support for Proxy Protocol as well? I need for IPv6 compatibility, a relay before the connection reaches go-ipfs. At the moment, the IPs displayed for the connections going through this relay are therefore partly wrong, their IP being replaced by the TCP relay. |
|
See libp2p/go-libp2p#1065. As you can see, I have some objections to the entire concept of the "proxy protocol", but I'm not strictly opposed to a clean implementation. However, the core team is unlikely to work either of these features in the near future. |
My use-case, and reason for opening this issue is I'm trying to blacklist a peer that floods my connections (I don't know why it's doing it, but it opens 5, closes 5, repeat). Is there any way to do that in go-ipfs currently? As I can't get the IP because go-ipfs doesn't support SSL or the headers I'd use to get the IP from a reverse proxy. Just having the IP allows me to chuck it into iptables and handle the rest myself, but currently I don't see any path to reliably retrieve the correct IP for a peer connecting over WSS. |
Currently when using Nginx as a reverse proxy, go-ipfs seems list all peers connecting through the reverse proxy as
127.0.0.1(ipfs swarm peers). I couldn't find a way to discover their actual IP address, which can be incredibly useful for tools like fail2ban. I'm hoping for go-ipfs to support RFC 7239 and/or theX-Forwarded-For, and/orX-Real-IPheaders. These are documented quite well here.My apologies if I missed the feature!
The text was updated successfully, but these errors were encountered: