Caddy: Proxy preset "transparent" should use X-Forwarded-For

Created on 6 Jul 2016 · 8 Comments · Source: caddyserver/caddy

The new proxy transparent preset is defined to use X-Real-IP, but should probably use X-Forwarded-For instead. Wikipedia actually has great docs for this: https://en.wikipedia.org/wiki/X-Forwarded-For

Same goes for the docs example that currently recommends X-Real-IP.

Weirdly, Nginx seems to default to X-Real-IP. No reason stated though. And a quick googling shows that X-Real-IP has caused lots of confusion and config errors. Should be avoided.

All 8 comments

I'll look into this -- also what is @captncraig's feedback? (author of the realip plugin)

We could go the safe route and enable both on "transparent". People concerned about the additional bandwidth of an additional header could just fall back to their own headers.

I also favour having both X-Forwarded-For and X-Real-IP.

Both seems safe until you read this:
http://relistan.com/http-header-hell-starring-x-real-ip-and-x-forwarded-for/

Other stories as well. Think the standard is better in this case.

That should in my opinion not prevent us from using both as default.

:+1: for both

I am ok with setting both, but I am not ok with trusting either as the remote address on incoming requests. Anybody can set that header and there is no way to authenticate it unless it is coming from a proxy you expect and trust. That's why I made the real-ip module.

Okay, consensus, great. :smile: I'll change it to set both headers. Thanks for making the real-ip module @captncraig!
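
The trust point raised in the thread, as an added example that is not part of the discussion and is not Caddy's or the real-ip module's code: a backend consults X-Forwarded-For only when the TCP peer is a proxy it expects, and reads the list right to left so client-supplied entries cannot displace the hop its own proxy recorded. The `trustedProxies` ranges, the `ClientIP` name and the sample addresses are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

var trustedProxies = []string{"10.0.0.0/8", "127.0.0.1/32"} // constructed allow-list (assumption)

func isTrusted(ip net.IP) bool {
	for _, cidr := range trustedProxies {
		if _, n, err := net.ParseCIDR(cidr); err == nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIP picks the address to treat as the client. remoteAddr is the TCP peer
// ("ip:port"), xff the raw X-Forwarded-For value. The header is read only when the
// peer is a trusted proxy, right to left, stopping at the first untrusted hop.
func ClientIP(remoteAddr, xff string) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	peer := net.ParseIP(host)
	if peer == nil || !isTrusted(peer) {
		return host // direct client: ignore whatever header it sent
	}
	client := peer
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(hops[i]))
		if ip == nil {
			break // empty or garbage entry: keep the last verified address
		}
		client = ip
		if !isTrusted(ip) {
			break
		}
	}
	return client.String()
}

func main() {
	fmt.Println(ClientIP("203.0.113.7:5555", "1.2.3.4"))            // header ignored
	fmt.Println(ClientIP("10.0.0.5:4000", "1.2.3.4, 198.51.100.9")) // proxy's entry wins
}
```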
