Conversation

amiart

@amiart amiart commented May 17, 2020

Fixes parsing of the header, and it is now possible to trust Unix domain socket proxy and proxy servers in a subnet.

In nginx configuration (reverse proxy) add this line:

proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

In Treefrog configuration add these lines:

EnableForwardedForHeader=true
ParseForwardedForHeaderRecursively=false
TrustedProxyServers="unix:; 192.168.0.10; 192.168.0.20"   # the value must be in quotes

Fixes #285

@treefrogframework
Owner

To keep the specification simple, I would like to omit the ParseForwardedForHeaderRecursively parameter.
And I don't think that parsing "unix:" is necessary. No one writes the string "unix:" in the "X-Forwarded-For" header, right?

@amiart
Author

amiart commented May 20, 2020

To keep the specification simple, I would like to omit the ParseForwardedForHeaderRecursively parameter.

The ParseForwardedForHeaderRecursively parameter is needed if you want to trust only proxies that connect directly to the treefrog server, e.g. when I'm in a local network I connect through a proxy server 192.168.1.10, and when I'm outside this network I connect through a proxy server with a public IP like 213.25.134.23, and then I don't want to trust 192.168.1.10 anymore.

This is equivalent to the real_ip_recursive parameter of the nginx server:
https://nginx.org/en/docs/http/ngx_http_realip_module.html

If you don't like the name of this parameter then you can change it.

And I don't think that parsing "unix:" is necessary. No one writes the string "unix:" in the "X-Forwarded-For" header, right?

The implementation doesn't expect 'unix:' in the header - see the code.
Setting TrustedProxyServers="unix" is required if we have a treefrog server listening on a Unix domain socket and nginx as a reverse proxy, as described on this page:
https://www.treefrogframework.org/en/user-guide/cooperation-with-the-reverse-proxy-server/

See also the nginx set_real_ip_from parameter - it accepts the 'unix:' value:
https://nginx.org/en/docs/http/ngx_http_realip_module.html

@treefrogframework
Owner

See also the nginx set_real_ip_from parameter - it accepts the 'unix:' value:
https://nginx.org/en/docs/http/ngx_http_realip_module.html

About the node identifier, does it meet RFC 7239?
It seems to be a spec for nginx only.

@amiart
Author

amiart commented May 26, 2020

The Apache server doesn't have it, so it seems to be an nginx-specific solution.

@treefrogframework
Owner

I think it can support the following two patterns:
Example 2: "192.168.1.10, 192.168.1.20"
Example 3: "10.0.1.0/24, 10.0.2.0/255.255.255.0"

@amiart
Author

amiart commented Jun 13, 2020

So you want to always trust the proxy for the unix: socket?

@amiart
Author

amiart commented Jul 19, 2020

Changed the code, so now the TrustedProxyServers parameter accepts only IP addresses or subnets, and the UNIX domain socket proxy is always trusted.
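
The header walk the thread keeps coming back to, written out as an added example; this is not TreeFrog code and not the patch under review, and the names realClientIp, parseTrustedProxyServers, parseSubnet and parseIPv4 are my own. It assumes the final design from this comment (TrustedProxyServers holds only single IPv4 addresses, prefix-length subnets or dotted-mask subnets, comma or semicolon separated, and the Unix domain socket peer is always trusted via the directly connected clientAddress only), and it shows both the non-recursive mode and the nginx real_ip_recursive-style mode discussed earlier, so the difference is visible in code.

```cpp
#include <algorithm>
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

// Hypothetical helper: parse a dotted-quad IPv4 address into a host-order
// integer; anything malformed (including "unix:") yields nullopt.
std::optional<uint32_t> parseIPv4(const std::string& s) {
    uint32_t parts[4] = {0, 0, 0, 0};
    int n = 0;
    std::string tok;
    for (size_t i = 0; i <= s.size(); ++i) {
        if (i == s.size() || s[i] == '.') {
            if (n == 4 || tok.empty() || tok.size() > 3) return std::nullopt;
            int v = std::stoi(tok);
            if (v > 255) return std::nullopt;
            parts[n++] = static_cast<uint32_t>(v);
            tok.clear();
        } else if (s[i] < '0' || s[i] > '9') {
            return std::nullopt;
        } else {
            tok += s[i];
        }
    }
    if (n != 4) return std::nullopt;
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3];
}

// One TrustedProxyServers entry: "a.b.c.d", "net/prefix" or "net/dotted-mask".
struct Subnet {
    uint32_t net;
    uint32_t mask;
    bool contains(uint32_t ip) const { return (ip & mask) == net; }
};

std::optional<Subnet> parseSubnet(const std::string& entry) {
    size_t slash = entry.find('/');
    auto ip = parseIPv4(entry.substr(0, slash));
    if (!ip) return std::nullopt;
    uint32_t mask = 0xFFFFFFFFu;  // no "/" means a single host
    if (slash != std::string::npos) {
        std::string m = entry.substr(slash + 1);
        if (m.find('.') != std::string::npos) {  // 10.0.2.0/255.255.255.0
            auto mm = parseIPv4(m);
            if (!mm) return std::nullopt;
            mask = *mm;
        } else {                                 // 10.0.1.0/24
            if (m.empty() || m.size() > 2) return std::nullopt;
            for (char c : m) if (c < '0' || c > '9') return std::nullopt;
            int bits = std::stoi(m);
            if (bits > 32) return std::nullopt;
            mask = bits == 0 ? 0u : 0xFFFFFFFFu << (32 - bits);
        }
    }
    return Subnet{*ip & mask, mask};
}

static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t") - b + 1);
}

// Split a comma- or semicolon-separated list (assumed separators), dropping blanks.
std::vector<std::string> splitList(const std::string& s) {
    std::vector<std::string> out;
    std::string cur;
    for (char c : s) {
        if (c == ',' || c == ';') { if (!trim(cur).empty()) out.push_back(trim(cur)); cur.clear(); }
        else cur += c;
    }
    if (!trim(cur).empty()) out.push_back(trim(cur));
    return out;
}

// Entries that do not parse are dropped, so a typo can never grant trust.
std::vector<Subnet> parseTrustedProxyServers(const std::string& value) {
    std::vector<Subnet> out;
    for (const auto& e : splitList(value))
        if (auto s = parseSubnet(e)) out.push_back(*s);
    return out;
}

bool isTrustedProxy(const std::string& addr, const std::vector<Subnet>& trusted) {
    auto ip = parseIPv4(addr);
    if (!ip) return false;
    return std::any_of(trusted.begin(), trusted.end(),
                       [&](const Subnet& s) { return s.contains(*ip); });
}

// clientAddress: peer of the direct connection ("unix:" when listening on a socket).
// xff: raw X-Forwarded-For; each proxy appends the peer it saw on the right.
// recursive=false: report the entry appended by the directly connected proxy.
// recursive=true:  keep walking left past every trusted proxy (nginx real_ip_recursive).
std::string realClientIp(const std::string& clientAddress, const std::string& xff,
                         const std::vector<Subnet>& trusted, bool recursive) {
    // The Unix socket check applies to clientAddress only, never to header entries.
    if (clientAddress != "unix:" && !isTrustedProxy(clientAddress, trusted))
        return clientAddress;  // header came from an untrusted peer: ignore it
    std::vector<std::string> hops = splitList(xff);
    if (hops.empty()) return clientAddress;
    std::string candidate;
    for (auto it = hops.rbegin(); it != hops.rend(); ++it) {
        candidate = *it;
        if (!recursive || !isTrustedProxy(candidate, trusted)) break;
    }
    // Never hand the application an unparsable, client-written string.
    return parseIPv4(candidate) ? candidate : clientAddress;
}
```

With TrustedProxyServers="192.168.1.10, 10.0.1.0/24, 10.0.2.0/255.255.255.0" and a request arriving from 192.168.1.10 carrying "198.51.100.7, 10.0.1.5", the non-recursive mode reports 10.0.1.5 and the recursive mode reports 198.51.100.7; a request arriving from an address outside the list has its header ignored entirely, which is the property that stops a client from choosing its own reported address.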

@treefrogframework
Owner

About the unix domain socket, is it a specification in an RFC?
I don't wish to implement specifications that are not in an RFC.

@amiart
Author

amiart commented Jul 20, 2020

Sorry, but I don't have such knowledge.
But since treefrog allows listening on a UNIX domain socket and recommends
using a reverse proxy server for HTTPS or compression, it should be possible to trust such a proxy.

@treefrogframework
Owner

Unfortunately, this pull-request is not acceptable.
I appreciate your understanding.

@amiart
Author

amiart commented Jul 23, 2020

What's wrong with the patch?
The unix domain socket check is only for clientAddress() (the host that connects directly to treefrog).
It doesn't expect unix: in the X-Forwarded-For header or the TrustedProxyServers parameter, so the RFC is not violated.

Development

Successfully merging this pull request may close these issues.

Get real client IP address behind the reverse proxy