Mosquitto: Retrieve websocket client address from X-Real-IP/X-Forwarded-For headers

Created on 22 Dec 2016  路  3Comments  路  Source: eclipse/mosquitto

LWS has had support for X-Real-IP and recently added X-Fowarded-For: https://github.com/warmcat/libwebsockets/commit/64ee08a895208d65e5869a9f413da67c09fa3ac8

Mosquitto should have an option to retrieve the contents of one of these headers, instead of calling getpeername by way of _mosquitto_socket_get_address. This needs to be done during the HTTP part of the handshake, as documented here:
https://libwebsockets.org/lws-api-doc-master/html/group__HTTP-headers-read.html

enhancement mosquitto-broker

Most helpful comment

This would be really nice. @ralight is this doable?

All 3 comments

That sounds reasonable to me, thanks for the pointer.

I have a preliminary implementation which I use now in our systems:

https://github.com/robymus/mosquitto/commit/c5cfe68ae722ceb98e4f2ad64875e04f5582f27a

However, a configuration option would be nice, to use these headers only when requested or when the source ip is matching a pattern (localhost, or local network, or proxy address?) - it is alright and useful, when the websocket connection is passed through a reverse proxy, but when it is directly on the internet, it opens up the system for ip address spoofing.

Could you give some pointers what configuration options would be reasonable, to be in sync with existing ones?

This would be really nice. @ralight is this doable?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

CodingSpiderFox picture CodingSpiderFox  路  3Comments

chipengliu picture chipengliu  路  5Comments

ibrahimkoujar picture ibrahimkoujar  路  7Comments

OkenKhuman picture OkenKhuman  路  3Comments

johb picture johb  路  7Comments