Skip to content

Commit

Permalink
Handle chained reverse proxies in XFF headers
Browse files Browse the repository at this point in the history 
An X-Forwarded-For header with a single intermediary proxy looks like:

    X-Forwarded-For: $clientip[:$port]

If, however, you're a goofball and like to proxy your proxies (yo dawg!)
it will look like this instead:

    X-Forwarded-For: $clientip[:$port], $proxy1[:$port]

SHIELD now supports the latter as well, and will not stupidly put a
comma-separated value in the Agent IP field.
  • Loading branch information
@jhunt
jhunt committed Jun 9, 2020
1 parent 9b9ecf8 commit 68706de
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/api_v2.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1763,7 +1763,7 @@ func (c *Core) v2API() *route.Router {
return
}

peer := regexp.MustCompile(`:\d+$`).ReplaceAllString(r.Req.Header.Get("X-Forwarded-For"), "")
peer := regexp.MustCompile(`[,:].*`).ReplaceAllString(r.Req.Header.Get("X-Forwarded-For"), "")
if peer == "" {
peer = regexp.MustCompile(`:\d+$`).ReplaceAllString(r.Req.RemoteAddr, "")
if peer == "" {
Expand Down

0 comments on commit 68706de

Please sign in to comment.