Add a proxy-count option to support multiple proxies #9
Open
danielcompton wants to merge 1 commit into ring-clojure:master from
In some environments, a request may be forwarded through multiple trusted proxies before it reaches the ring server. This commit adds a proxy-count option to configure how far from the end the middleware should look for the 'real' :remote-address.
For a concrete example, take Google Cloud App Engine Flexible with Docker. A request comes into the load balancer. The request is proxied to a web server on the VM, where it is re-proxied a final time to the application. In this case, if a request starts with no X-Forwarded-For headers, it will end up looking something like
```clojure
{:headers {"X-Forwarded-For" "122.54.196.223, 216.58.196.147"}
 :remote-addr "172.17.0.5"
 ;; ...
 }
```

where 122.54.196.223 is my home IP address, 216.58.196.147 is the Google load balancer address, and 172.17.0.5 is the Docker container bridge IP address.
Also, what do you think should happen if `proxy-count` is set to 0? Is that an error condition, or should this middleware remove itself and just call `(handler request)`?

This is not ready for merging; I'm opening this up for discussion on naming, documentation, implementation details, etc. What are your thoughts?
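The right-to-left selection described above, as an added example that is not the code from this pull request: `forwarded-addr` and `wrap-trusted-remote-addr` are hypothetical names, and leaving `:remote-addr` untouched when `proxy-count` is 0 or the header has fewer entries than `proxy-count` is an assumption made here, not a decision taken in the thread. Header names are lower-case, as Ring request maps carry them, and the sample requests are constructed.

```clojure
(ns example.forwarded
  (:require [clojure.string :as str]))

(defn forwarded-addr
  "Return the X-Forwarded-For entry that sits `proxy-count` places from the
  right, i.e. the address recorded by the outermost trusted proxy. Returns nil
  when proxy-count is not positive or the header has too few entries."
  [request proxy-count]
  (let [header (or (get-in request [:headers "x-forwarded-for"]) "")
        hops   (->> (str/split header #",")
                    (map str/trim)
                    (remove str/blank?)
                    vec)
        idx    (- (count hops) proxy-count)]
    ;; Everything left of idx was supplied before the first trusted hop and is
    ;; client-controlled, so it is never consulted.
    (when (and (pos? proxy-count) (>= idx 0))
      (nth hops idx))))

(defn wrap-trusted-remote-addr
  "Hypothetical middleware: replace :remote-addr with the entry chosen by
  forwarded-addr, or pass the request through unchanged (assumption) when no
  entry qualifies."
  [handler {:keys [proxy-count] :or {proxy-count 1}}]
  (fn [request]
    (if-let [addr (forwarded-addr request proxy-count)]
      (handler (assoc request :remote-addr addr))
      (handler request))))

;; Constructed sample requests. 203.0.113.9 is a documentation address standing
;; in for a value the client put in the header itself.
(def sample-requests
  {:as-described   {:headers {"x-forwarded-for" "122.54.196.223, 216.58.196.147"}
                    :remote-addr "172.17.0.5"}
   :client-prepend {:headers {"x-forwarded-for"
                              "203.0.113.9, 122.54.196.223, 216.58.196.147"}
                    :remote-addr "172.17.0.5"}
   :missing-hop    {:headers {"x-forwarded-for" "216.58.196.147"}
                    :remote-addr "172.17.0.5"}})

;; identity stands in for the application handler, so the rewritten request
;; comes straight back and its :remote-addr can be printed.
(let [app (wrap-trusted-remote-addr identity {:proxy-count 2})]
  (doseq [[label request] sample-requests]
    (println label "->" (:remote-addr (app request)))))
```

Because the index is counted from the right, an extra entry prepended by the client does not change which address is selected; the `:missing-hop` case shows a request that did not pass through both expected proxies.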