author | Francis Lavoie <lavofr@gmail.com> | 2023-01-10 00:08:23 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-10 00:08:23 -0500 |
commit | 223cbe3d0b50487117c785f0755bb80a9ee65010 (patch) | |
tree | cf673da335e7470a50a7f1709464ec3f05e67291 /modules/caddyhttp/reverseproxy/reverseproxy.go | |
parent | 66ce0c5c635c4ff254ccb92123711534b6461b35 (diff) |
caddyhttp: Add server-level `trusted_proxies` config (#5103)
Diffstat (limited to 'modules/caddyhttp/reverseproxy/reverseproxy.go')
-rw-r--r-- | modules/caddyhttp/reverseproxy/reverseproxy.go | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go
index 3adec3d..88d98e8 100644
--- a/modules/caddyhttp/reverseproxy/reverseproxy.go
+++ b/modules/caddyhttp/reverseproxy/reverseproxy.go
@@ -701,16 +701,14 @@ func (h Handler) addForwardedHeaders(req *http.Request) error {
 // Client IP may contain a zone if IPv6, so we need
 // to pull that out before parsing the IP
- if before, _, found := strings.Cut(clientIP, "%"); found {
- clientIP = before
- }
+ clientIP, _, _ = strings.Cut(clientIP, "%")
 ipAddr, err := netip.ParseAddr(clientIP)
 if err != nil {
 return fmt.Errorf("invalid IP address: '%s': %v", clientIP, err)
 }
 // Check if the client is a trusted proxy
- trusted := false
+ trusted := caddyhttp.GetVar(req.Context(), caddyhttp.TrustedProxyVarKey).(bool)
 for _, ipRange := range h.trustedProxies {
 if ipRange.Contains(ipAddr) {
 trusted = true
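Review bot: The added line `trusted := caddyhttp.GetVar(req.Context(), caddyhttp.TrustedProxyVarKey).(bool)` uses an unchecked type assertion, so it panics if the variable is missing from the request context or holds a non-bool value. Whether every path into addForwardedHeaders sets that variable is not visible in this hunk. The comma-ok form `trusted, _ := caddyhttp.GetVar(req.Context(), caddyhttp.TrustedProxyVarKey).(bool)` falls back to false, which is the fail-closed default for a trust decision. The line also deserves a comment such as `// start from the server-level trusted_proxies result; the handler's own ranges below can only add trust`, because the loop that follows never resets the value to false. The function body begins before and continues past this hunk, so how `trusted` is used afterwards should be checked against the full file.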