diff options
author | Francis Lavoie <lavofr@gmail.com> | 2023-03-27 16:22:59 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-27 20:22:59 +0000 |
commit | 05e9974570a08df14b1162a1e98315d4ee9ec2ee (patch) | |
tree | e11e345766dc53c25f901a7402ceb489b4416fe9 /caddytest | |
parent | 330be2d8c793147d3914f944eecb96c18f2eabff (diff) |
caddyhttp: Determine real client IP if trusted proxies configured (#5104)
* caddyhttp: Determine real client IP if trusted proxies configured
* Support customizing client IP header
* Implement client_ip matcher, deprecate remote_ip's forwarded option
Diffstat (limited to 'caddytest')
-rw-r--r-- | caddytest/integration/caddyfile_adapt/global_server_options_single.txt | 7 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_adapt/matcher_syntax.txt | 25 |
2 files changed, 32 insertions, 0 deletions
diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt index d963604..300b4ac 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt @@ -15,6 +15,8 @@ protocols h1 h2 h2c h3 strict_sni_host trusted_proxies static private_ranges + client_ip_headers Custom-Real-Client-IP X-Forwarded-For + client_ip_headers A-Third-One } } @@ -67,6 +69,11 @@ foo.com { ], "source": "static" }, + "client_ip_headers": [ + "Custom-Real-Client-IP", + "X-Forwarded-For", + "A-Third-One" + ], "logs": { "should_log_credentials": true }, diff --git a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt index fb3dfb6..ffab2c7 100644 --- a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt +++ b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt @@ -43,6 +43,9 @@ @matcher11 remote_ip private_ranges respond @matcher11 "remote_ip matcher with private ranges" + + @matcher12 client_ip private_ranges + respond @matcher12 "client_ip matcher with private ranges" } ---------- { @@ -250,6 +253,28 @@ "handler": "static_response" } ] + }, + { + "match": [ + { + "client_ip": { + "ranges": [ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1" + ] + } + } + ], + "handle": [ + { + "body": "client_ip matcher with private ranges", + "handler": "static_response" + } + ] } ] } |