Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TODO: Support of Forwarded header #124

Open
junkurihara opened this issue Dec 7, 2023 · 1 comment
Open

TODO: Support of Forwarded header #124

junkurihara opened this issue Dec 7, 2023 · 1 comment
Labels
help wanted Extra attention is needed

Comments

@junkurihara
Copy link
Owner

In addition to X-Forwarded-For, rpxy should support Forwarded extension header in RFC7239.

c.f. https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
@junkurihara junkurihara added the help wanted Extra attention is needed label Feb 1, 2024
@xkr47
Copy link
Contributor

xkr47 commented Nov 1, 2024
edited
Loading

Archive version of nginx docs: https://web.archive.org/web/20240511013834/https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/

So, my first thoughts on configuration options we could add:

  • downstream
    • trust downstream Forwarded header: y/N
      • only with included secret: _______________ (comma-separated list)
      • OR from given ips: _______________ (comma-separated list)
      • trust any upstreams of above: y/N
  • upstream
    • add/extend Forwarded header: Y/n
      • add secret: ______________
      • obfuscate "for" parameter: Y/n
    • remove malformed entries: Y/n (maybe force-yes this when "add/extend" is enabled above?)
    • remove other downstream X-Forwarded-* etc headers when Forwarded header added/present: Y/n

WDYT? Too much?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xkr47 @junkurihara