LWS has had support for X-Real-IP and recently added X-Fowarded-For: https://github.com/warmcat/libwebsockets/commit/64ee08a895208d65e5869a9f413da67c09fa3ac8
Mosquitto should have an option to retrieve the contents of one of these headers, instead of calling getpeername by way of _mosquitto_socket_get_address. This needs to be done during the HTTP part of the handshake, as documented here:
https://libwebsockets.org/lws-api-doc-master/html/group__HTTP-headers-read.html
That sounds reasonable to me, thanks for the pointer.
I have a preliminary implementation which I use now in our systems:
https://github.com/robymus/mosquitto/commit/c5cfe68ae722ceb98e4f2ad64875e04f5582f27a
However, a configuration option would be nice, to use these headers only when requested or when the source ip is matching a pattern (localhost, or local network, or proxy address?) - it is alright and useful, when the websocket connection is passed through a reverse proxy, but when it is directly on the internet, it opens up the system for ip address spoofing.
Could you give some pointers what configuration options would be reasonable, to be in sync with existing ones?
This would be really nice. @ralight is this doable?
Most helpful comment
This would be really nice. @ralight is this doable?