request-ip

RFC-7239 "Forwarded" header not properly supported

Open Waschnick opened this issue 2 years ago • 2 comments

Current issue

  • The value of the Forwarded header is actually a complex object and not a simple IP, cf. RFC-7239
  • Example: for=123.34.567.89,for=192.0.2.43;by=[APIGW_IP];host=apiid.execute-api.us-east-1.amazonaws.com;proto=https
  • Example 2: for=94.134.90.17;host=public-api.example.org;proto=https (from our app logs)

Proposed solution

  • Write a function getClientIpFromForwarded similar to getClientIpFromXForwardedFor

Use Case

We are using AWS API Gateway with a private ALB (load balancer) and need the IP to use for getting the geo location. AWS API Gateway uses the Forwarded header for the client IP (see example 2). (And the ALB will set X-Forwarded-For with the private class-c IP from the ALB, but that's another issue.)

I would also be open to contribute a PR with tests and the required changes. WDYT?

Sources

  • https://tools.ietf.org/html/rfc7239
  • https://medium.com/@lancers/amazon-api-gateway-explaining-http-proxy-in-http-api-3ea0afe6b03c#:~:text=Forwarded%20header,de%2Dfacto%2Dstandard

Waschnick, Sep 13 '22 14:09
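
The parsing this issue asks for, as an added example (not request-ip's code and not the code from PR #71). `getClientIpFromForwarded` is the name proposed above; the helper names and the choice to return the first syntactically valid `for=` address are assumptions.

```javascript
// Split on `sep`, ignoring separators inside double-quoted strings.
function splitOutsideQuotes(input, sep) {
  const parts = [''];
  let quoted = false;
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    if (quoted && ch === '\\' && i + 1 < input.length) {
      parts[parts.length - 1] += ch + input[++i]; // keep escaped char with its backslash
    } else if (ch === sep && !quoted) {
      parts.push('');
    } else {
      if (ch === '"') quoted = !quoted;
      parts[parts.length - 1] += ch;
    }
  }
  return parts;
}

// Dependency-free validation: dotted-quad check, WHATWG URL parser for IPv6.
function isIp(v) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(v)) return v.split('.').every((o) => Number(o) <= 255);
  if (!/^[0-9a-fA-F:.]+$/.test(v) || !v.includes(':')) return false;
  try { new URL(`http://[${v}]/`); return true; } catch { return false; }
}

// Reduce one for= value to a bare IP, or null ("unknown", "_obfuscated", invalid).
function nodeToIp(raw) {
  let v = raw.trim();
  if (/^".*"$/.test(v)) v = v.slice(1, -1).replace(/\\(.)/g, '$1'); // unquote
  const bracketed = /^\[([^\]]+)\](?::\d+)?$/.exec(v); // [IPv6] or [IPv6]:port
  v = bracketed ? bracketed[1] : v.replace(/^([^:]+):\d+$/, '$1'); // else strip IPv4 :port
  return isIp(v) ? v : null;
}

// All for= nodes in header order: original sender first, nearest proxy last.
function parseForwardedFor(header) {
  if (typeof header !== 'string') return [];
  return splitOutsideQuotes(header, ',')
    .flatMap((element) => splitOutsideQuotes(element, ';'))
    .map((pair) => /^\s*for=(.*)$/i.exec(pair)) // parameter names are case-insensitive
    .filter(Boolean)
    .map((m) => nodeToIp(m[1]));
}

// Assumed policy: first syntactically valid IP, or null when there is none.
function getClientIpFromForwarded(header) {
  return parseForwardedFor(header).find((ip) => ip !== null) ?? null;
}

// Header value taken from "Example 2" in the issue above.
console.log(getClientIpFromForwarded('for=94.134.90.17;host=public-api.example.org;proto=https'));
```

On the first example from the issue this returns `192.0.2.43`, because `123.34.567.89` is not a valid IPv4 address. The leftmost `for=` value is whatever the original sender claimed, so it is only reliable when the edge proxy sets or overwrites the header.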

@Waschnick thank you for posting this and for the detailed example.

I'd be open to accept a PR with tests for this as long as it's backwards compatible with the main function / we can expose a new public function getClientIpFromXForwardedFor.

pbojinov, Sep 13 '22 22:09

Hi @pbojinov, @Waschnick! I created a PR to fix this issue; it would be cool if you could review it! You can find it here: #71

martindeamorin, Nov 07 '22 19:11