From 05e9974570a08df14b1162a1e98315d4ee9ec2ee Mon Sep 17 00:00:00 2001
From: Francis Lavoie <lavofr@gmail.com>
Date: Mon, 27 Mar 2023 16:22:59 -0400
Subject: caddyhttp: Determine real client IP if trusted proxies configured
 (#5104)

* caddyhttp: Determine real client IP if trusted proxies configured

* Support customizing client IP header

* Implement client_ip matcher, deprecate remote_ip's forwarded option
---
 modules/caddyhttp/app.go | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'modules/caddyhttp/app.go')

diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go
index 670185a..ceb62f4 100644
--- a/modules/caddyhttp/app.go
+++ b/modules/caddyhttp/app.go
@@ -232,6 +232,11 @@ func (app *App) Provision(ctx caddy.Context) error {
 			srv.trustedProxies = val.(IPRangeSource)
 		}
 
+		// set the default client IP header to read from
+		if srv.ClientIPHeaders == nil {
+			srv.ClientIPHeaders = []string{"X-Forwarded-For"}
+		}
+
 		// process each listener address
 		for i := range srv.Listen {
 			lnOut, err := repl.ReplaceOrErr(srv.Listen[i], true, true)
-- 
cgit v1.2.3