diff options
| author | metamuffin <metamuffin@disroot.org> | 2024-04-28 23:51:13 +0200 |
|---|---|---|
| committer | metamuffin <metamuffin@disroot.org> | 2024-04-28 23:51:13 +0200 |
| commit | 6e3407b99c76f5e63f923a76fbafd34610483ae1 (patch) | |
| tree | ba40d4129043ed0a6bd477910377fa336f56e892 | |
| parent | ec1648b19187d3edce40785942357fba51a3a0c0 (diff) | |
| download | gnix-6e3407b99c76f5e63f923a76fbafd34610483ae1.tar gnix-6e3407b99c76f5e63f923a76fbafd34610483ae1.tar.bz2 gnix-6e3407b99c76f5e63f923a76fbafd34610483ae1.tar.zst | |
x-real-ip
| -rw-r--r-- | readme.md | 6 | ||||
| -rw-r--r-- | src/filters/proxy.rs | 16 |
2 files changed, 5 insertions, 17 deletions
@@ -60,9 +60,9 @@ hosts: ### Filters - **filter `proxy`** - - Forwards the request as-is to some other server. `x-forwarded-proto` and - `x-forwarded-for` headers are injected into the request. Connection upgrades - are handled by direct forwarding of network traffic. + - Forwards the request as-is to some other server. the `x-real-ip` header is + injected into the request. Connection upgrades are handled by direct + forwarding of network traffic. - `backend`: socket address (string) to the backend server - **filter `files`** - Provides a simple built-in fileserver. The server handles `accept-ranges`. diff --git a/src/filters/proxy.rs b/src/filters/proxy.rs index 0e1a556..7cfc643 100644 --- a/src/filters/proxy.rs +++ b/src/filters/proxy.rs @@ -3,10 +3,7 @@ use http_body_util::{combinators::BoxBody, BodyExt}; use hyper::{ body::Incoming, header::UPGRADE, - http::{ - uri::{PathAndQuery, Scheme}, - HeaderValue, - }, + http::{uri::PathAndQuery, HeaderValue}, upgrade::OnUpgrade, Request, Uri, }; @@ -23,7 +20,6 @@ pub async fn proxy_request( #[cfg(feature = "mond")] state.reporting.request_out.inc(); - let scheme_secure = req.uri().scheme() == Some(&Scheme::HTTPS); *req.uri_mut() = Uri::builder() .path_and_query( req.uri() @@ -36,17 +32,9 @@ pub async fn proxy_request( .unwrap(); req.headers_mut().insert( - "x-forwarded-for", + "x-real-ip", HeaderValue::from_str(&format!("{addr}")).unwrap(), ); - req.headers_mut().insert( - "x-forwarded-proto", - if scheme_secure { - HeaderValue::from_static("https") - } else { - HeaderValue::from_static("http") - }, - ); let do_upgrade = req.headers().contains_key(UPGRADE); let on_upgrade_downstream = req.extensions_mut().remove::<OnUpgrade>(); |