Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The evaluation of the X-Forwarded-For IPs will go from the first to the last. #7

Open
corentin59 opened this issue Sep 22, 2022 · 0 comments
Open

The evaluation of the X-Forwarded-For IPs will go from the first to the last. #7

corentin59 opened this issue Sep 22, 2022 · 0 comments

Comments

@corentin59
Copy link

Hello,

I read :

If Traefik is behind a load balancer, it won't be able to get the Real IP from the external client by checking the remote IP address.
This plugin solves this issue by overwriting the X-Real-Ip with an IP from the X-Forwarded-For header. The real IP will be the first one that is not included in any of the CIDRs passed as the ExcludedNets parameter. The evaluation of the X-Forwarded-For IPs will go from the last to the first one.

I'am behind cloufdlare and HAProxy before Traefik

[VISITOR] ---> [CLOUDFLARE] ---> [HAProxy] ---> [Traefik]

And my X-Forwared-For is:
VISITOR_IP, CLOUDFLARE_IP, HA_PROXY_IP.

In this case the visitor IP is the first X-Forwarded-For IP and not the last. Can you add an option to invert that ?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@corentin59