go-libp2p

websocket: record X-Real-IP header

Open magik6k opened this issue 6 years ago • 3 comments

We currently don't support TLS here, so a reverse proxy needs to be set up, which has the side effect of losing real IP addresses in ipfs swarm peers.

We could check if the X-Real-IP header is set when accepting connections and change the IP address we report as the remote (and probably only do that when we proxy from localhost).

magik6k, Jun 07 '19 11:06

That should also come with a way to set a trusted reverse proxy, because otherwise someone could do a real ws conn with an X-Real-IP and change his IP to someone else's for you. (The reverse proxy would be an IP or IP range (/ip4/127.0.0.1 by default), and if the connection is made via there we can know X-Real-IP should be real.)

Jorropo, Jul 12 '19 12:07

Here's how I think we could implement this:

  • Add option to always trust this header
  • By default, trust this header only if private network/localhost

MarcoPolo, Jun 19 '23 18:06
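The trust rule discussed in this thread, as an added example that is not part of the issue or of go-libp2p's code: X-Real-IP replaces the reported address only when the TCP peer is inside a trusted proxy range or an always-trust option is set. The names `reportedIP`, `header` and `defaultTrusted`, the exact private ranges, and the choice to ignore a repeated or malformed header are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// Assumed default trust set: localhost plus the private ranges.
var defaultTrusted = []netip.Prefix{
	netip.MustParsePrefix("127.0.0.0/8"), netip.MustParsePrefix("::1/128"),
	netip.MustParsePrefix("10.0.0.0/8"), netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"), netip.MustParsePrefix("fc00::/7"),
}

// reportedIP (hypothetical helper) returns the IP to report for a peer. X-Real-IP is
// honoured only if the socket peer is a trusted proxy or alwaysTrust is set.
func reportedIP(remoteAddr string, h http.Header, trusted []netip.Prefix, alwaysTrust bool) (string, error) {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return "", err
	}
	sock := ap.Addr().Unmap() // so ::ffff:127.0.0.1 matches 127.0.0.0/8
	ok := alwaysTrust
	for _, p := range trusted {
		ok = ok || p.Contains(sock)
	}
	vals := h.Values("X-Real-IP")
	if !ok || len(vals) != 1 { // untrusted sender, or absent/ambiguous header
		return sock.String(), nil
	}
	claimed, err := netip.ParseAddr(strings.TrimSpace(vals[0]))
	if err != nil { // malformed value: fall back to the socket address
		return sock.String(), nil
	}
	return claimed.Unmap().String(), nil
}

// header builds a constructed sample header; "X-Real-Ip" is the canonical key form.
func header(values ...string) http.Header { return http.Header{"X-Real-Ip": values} }

func main() {
	// Constructed inputs: a local reverse proxy, then a direct client spoofing the header.
	fmt.Println(reportedIP("127.0.0.1:4001", header("203.0.113.7"), defaultTrusted, false))
	fmt.Println(reportedIP("198.51.100.9:4001", header("203.0.113.7"), defaultTrusted, false))
}
```

The second call reports the socket address, which is the spoofing case raised in the second comment.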