# HG changeset patch # User Olaf Wintermann # Date 1773339275 -3600 # Node ID 4be837389b9e53b12c732362d6da7bcd93b5d1f6 # Parent 5ad3bda4aca1f26df05ca8e9c41a581fa0988ef6 implement proxy forwarded/x-forwarded headers diff -r 5ad3bda4aca1 -r 4be837389b9e src/server/safs/proxy.c --- a/src/server/safs/proxy.c Sat Mar 07 23:35:16 2026 +0100 +++ b/src/server/safs/proxy.c Thu Mar 12 19:14:35 2026 +0100 @@ -318,6 +318,22 @@ const char *method = pblock_findkeyval(pb_key_method, rq->reqpb); const char *uri = pblock_findkeyval(pb_key_uri, rq->reqpb); const char *query = pblock_findkeyval(pb_key_query, rq->reqpb); + const char *forward = pblock_findval("forwarded", rq->reqpb); + + char *host = pblock_findval("host", rq->headers); + + int forwarded_headers = 0; + if(forward) { + if(!strcmp(forward, "true")) { + forwarded_headers = 1; + } else if(!strcmp(forward, "forwarded")) { + forwarded_headers = 1; + } else if(!strcmp(forward, "rfc7239")) { + forwarded_headers = 1; + } else if(!strcmp(forward, "xforwarded")) { + forwarded_headers = 2; + } + } //log_ereport(LOG_INFORM, "reverse-proxy: %s %s", method, uri); @@ -491,6 +507,25 @@ return REQ_ABORTED; } + char *ip = pblock_findkeyval(pb_key_ip, sn->client); + if(forwarded_headers == 1) { + char buf[512]; + int n = snprintf(buf, 512, "host=\"%s\";for=\"%s\";proto=%s", host, ip, "https"); // TODO: proto + if(n > 511 || http_client_add_request_header_copy(client, cx_str("forwarded"), cx_str(buf))) { + http_client_free(client); + return REQ_ABORTED; + } + } else if(forwarded_headers == 2) { + if(http_client_add_request_header(client, cx_mutstr("x-forwarded-for"), cx_mutstr(ip))) { + http_client_free(client); + return REQ_ABORTED; + } + if(http_client_add_request_header(client, cx_mutstr("x-forwarded-host"), cx_mutstr(host))) { + http_client_free(client); + return REQ_ABORTED; + } + } + // add request headers to the client CxIterator i = pblock_iterator(rq->headers); cx_foreach(pb_entry*, entry, i) {