-
Notifications
You must be signed in to change notification settings - Fork 632
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support X-Forwarded-* headers #220
Labels
type/enhancement
A general enhancement
Milestone
Comments
I wonder if it should also follow some of the Tomcat conventions (not sure about how the other two act) regarding internal proxies. |
bclozel
added a commit
to bclozel/reactor-netty
that referenced
this issue
Dec 21, 2017
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes reactorgh-220
bclozel
added a commit
to bclozel/reactor-netty
that referenced
this issue
Dec 21, 2017
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes reactorgh-220
bclozel
added a commit
to bclozel/reactor-netty
that referenced
this issue
Jan 9, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes reactorgh-220
violetagg
added a commit
that referenced
this issue
Jan 15, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
violetagg
added a commit
that referenced
this issue
Jan 15, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
bclozel
added a commit
to bclozel/reactor-netty
that referenced
this issue
Jan 15, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes reactorgh-220
violetagg
pushed a commit
that referenced
this issue
Jan 15, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
violetagg
pushed a commit
that referenced
this issue
Jan 15, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
violetagg
pushed a commit
that referenced
this issue
Jan 17, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
violetagg
pushed a commit
that referenced
this issue
Jan 19, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
violetagg
pushed a commit
that referenced
this issue
Jan 22, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
violetagg
pushed a commit
that referenced
this issue
Jan 24, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
violetagg
pushed a commit
that referenced
this issue
May 16, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
violetagg
pushed a commit
that referenced
this issue
May 28, 2018
This commit adds new information to the `HttpServerRequest`: * the host (server) address * the remote (client) address * the scheme used by the current request This information can be either derived from the current channel, or extracted from the incoming HTTP request headers using "Forwarded" or "X-Forwarded-*". This feature is opt-in, and must be configured during server setup: HttpServer.create().forwarded().port(8080); Closes gh-220
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When an application sits behind an HTTP proxy terminating the TLS connection, the proxy sets
X-Forwarded-*
to tell the server about the original request: host, port, and protocol information.Most servers (Tomcat, Undertow and Jetty) deal with that in their own codebase since it involves wrapping/changing the request information at a low level.
Could Reactor Netty support an HttpServerOption for enabling such a feature?
This should be disabled by default, as this could lead to attackers spoofing their peer address if there is no proxy in front of the application or if the proxy does not clean those incoming headers.
The text was updated successfully, but these errors were encountered: