cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon loophole

Forwarding real IP address in headers

Open valentino-sm opened this issue 3 years ago • 2 comments

Describe the bug The destination web service doesn't have any information about the real IP address. For obvious reasons, we can only see internal IPs as REMOTE_ADDR or SERVER_ADDR But X-Forwarded-For contains internal host as well.

To Reproduce Steps to reproduce the behavior:

  1. Setup the tunnel to phpinfo()
  2. We don't see any real IP headers.

Expected behavior Server-side daemon forwards REMOTE_ADDR to X-Real-IP or X-Forwarded-For.

Environment OS: Linux Version: 1.0.0-beta.15

valentino-sm avatar Jun 02 '22 08:06 valentino-sm

Hello, thank you for reporting this issue.

That's valid point. We will investigate and try to provide the solution for it while keeping current behavior.

Morishiri avatar Jun 03 '22 07:06 Morishiri

Yeah, there is a same problem in nodejs express too!

sancho1952007 avatar Oct 30 '22 16:10 sancho1952007