caddyhttp: Add server-level `trusted_proxies` config (#5103)

author: Francis Lavoie <lavofr@gmail.com> 2023-01-10 00:08:23 -0500
committer: GitHub <noreply@github.com> 2023-01-10 00:08:23 -0500
commit: 223cbe3d0b50487117c785f0755bb80a9ee65010 (patch)
tree: cf673da335e7470a50a7f1709464ec3f05e67291 /caddyconfig
parent: 66ce0c5c635c4ff254ccb92123711534b6461b35 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go
index 3e206c8..7aa0a2a 100644
--- a/caddyconfig/httpcaddyfile/serveroptions.go
+++ b/caddyconfig/httpcaddyfile/serveroptions.go
@@ -42,6 +42,7 @@ type serverOptions struct {
 	MaxHeaderBytes       int
 	Protocols            []string
 	StrictSNIHost        *bool
+	TrustedProxies       []string
 	ShouldLogCredentials bool
 	Metrics              *caddyhttp.Metrics
 }
@@ -176,6 +177,15 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) {
 				}
 				serverOpts.StrictSNIHost = &boolVal
 
+			case "trusted_proxies":
+				for d.NextArg() {
+					if d.Val() == "private_ranges" {
+						serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, caddyhttp.PrivateRangesCIDR()...)
+						continue
+					}
+					serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, d.Val())
+				}
+
 			case "metrics":
 				if d.NextArg() {
 					return nil, d.ArgErr()
@@ -269,6 +279,7 @@ func applyServerOptions(
 		server.MaxHeaderBytes = opts.MaxHeaderBytes
 		server.Protocols = opts.Protocols
 		server.StrictSNIHost = opts.StrictSNIHost
+		server.TrustedProxies = opts.TrustedProxies
 		server.Metrics = opts.Metrics
 		if opts.ShouldLogCredentials {
 			if server.Logs == nil {
author	Francis Lavoie <lavofr@gmail.com>	2023-01-10 00:08:23 -0500
committer	GitHub <noreply@github.com>	2023-01-10 00:08:23 -0500
commit	223cbe3d0b50487117c785f0755bb80a9ee65010 (patch)
tree	cf673da335e7470a50a7f1709464ec3f05e67291 /caddyconfig
parent	66ce0c5c635c4ff254ccb92123711534b6461b35 (diff)