[Misc]: X-Forwarded-For header

Question

[Misc]: X-Forwarded-For header

jonaro00 opened this issue a year ago · 5 comments

X-Forwarded-For header enables getting the remote IP in proxied HTTP requests.

There might be even more proxy headers that are relevant to set, such as X-Forwarded-Proto https://discord.com/channels/803236282088161321/1178078233544097862

_{This issue is a part of the Product Feature Poll (all issues). React with 👍 if you want this feature. Comment if you have suggestions related to this feature.}

Answer 1 · 2024-04-06T15:14:53.000Z

What has to be done exactly on this? Sorry but I did not fully understand reading the Discord chats

Answer 2 · 2024-04-08T07:50:54.000Z

The Shuttle team will work on this in due time after upcoming changes to the proxy.

Answer 3 · 2024-09-27T02:54:41.000Z

I think this is fixed?

Shuttle calls hyper_reverse_proxy::ReverseProxy::call here which internally handles adding the X-Forwarded-For if it doesn't exist here. The first argument to the call method is the client's IP to use for this.

I don't think it sets X-Forwarded-Proto so maybe that is why this issue is still open?

Answer 4 · 2024-09-27T07:43:11.000Z

I think this is fixed?

Shuttle calls hyper_reverse_proxy::ReverseProxy::call here which internally handles adding the X-Forwarded-For if it doesn't exist here. The first argument to the call method is the client's IP to use for this.

I don't think it sets X-Forwarded-Proto so maybe that is why this issue is still open?

Unfortunately, we did not find a solution on the current platform. The proxy is behind an AWS NLB, which can forward the client IP by preserving it (a connection from the NLB will have the IP of the original client), it can't set headers. Then, the traffic hits a Docker swarm load balancer before it hits the proxy, which changes the IP (which was the client IP up to this point) of the connection made to the proxy to the IP of the load balancer.

However, we are working on a new version of the platform, that is due to be opened in the next few weeks. On the new version, we are no longer using Docker swarm, and the new proxy is built with Pingora. There, the X-Forwarded-For header is already supported, and we intend to add more proxy headers as well. If you want to test the new platform before it is more widely announced, reach out to us on Discord, and we can get you set up with access!

Answer 5 · 2024-10-22T23:12:27.000Z

X-Forwarded-For is supported on shuttle.dev