ajvondrak / remote_ip

A plug to rewrite the Plug.Conn's remote_ip based on forwarding headers.
MIT License

@reserved is incorrect #10

Closed OvermindDL1 closed 5 years ago

OvermindDL1 commented 5 years ago

I have a server at work and I need to only allow some internal IPs on specific paths, however I only get the proxy's IP (same machine, 127.0.0.1) instead of the actual IPs (10.1.1.28 and 192.168.3.143 as actual examples), yet external IPs are correct. This means that I cannot only allow some paths to certain subnets (like restricting one path to 10.1.0.0/16) unless I want to parse the header myself, which is of course not particularly safe as I have to be careful to do it right.

The plug is defined in the endpoint as:

  plug RemoteIp, headers: ["x-forwarded-for"], proxies: ["127.0.0.1/32"]

And yet it is not rewriting all IPs that I need to handle.

OvermindDL1 commented 5 years ago

For note, "x-forwarded-for" is being the IP of, for a real example, "10.1.1.28", and removing the ++ @reserved from the proxies = Keyword.get(opts, :proxies, @proxies) ++ @reserved line in the init/1 callback of the RemoteIp plug is fixing it. This @reserved should not exist, or at the very least should not be hardcoded and rather should be overridable (or just remove it since it just adds more to the proxy list anyway, which is already controllable via a setting).
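
Added example, not part of the thread and not the remote_ip library's source: a simplified model of a right-to-left forwarding-header walk, showing why appending reserved ranges to the proxy list leaves the peer address in place for the private client reported above. The module and function names are hypothetical, and the contents of the reserved list (loopback plus the RFC 1918 ranges, IPv4 only) are an assumption inferred from the reported behaviour.

```elixir
# Simplified model of the behaviour reported in this issue (hypothetical names).
defmodule ForwardedModel do
  import Bitwise

  # Assumption: reserved ranges = loopback + RFC 1918 private networks.
  @reserved ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
  def reserved, do: @reserved

  # Walk the header right to left; the first hop that is not a known proxy
  # is taken as the client. If every hop is a proxy, the peer address stays.
  def client_ip(peer, xff, proxies) do
    xff
    |> String.split(",", trim: true)
    |> Enum.map(&String.trim/1)
    |> Enum.filter(&to_int/1)          # drop hops that are not valid IPv4
    |> Enum.reverse()
    |> Enum.find(peer, fn hop -> not Enum.any?(proxies, &in_cidr?(hop, &1)) end)
  end

  # True when the IPv4 string falls inside the CIDR block.
  def in_cidr?(ip, cidr) do
    [net, len] = String.split(cidr, "/")
    shift = 32 - String.to_integer(len)
    (to_int(ip) >>> shift) == (to_int(net) >>> shift)
  end

  # Dotted-quad string to integer, or nil when it does not parse.
  def to_int(ip) do
    case ip |> String.to_charlist() |> :inet.parse_ipv4strict_address() do
      {:ok, {a, b, c, d}} -> (a <<< 24) + (b <<< 16) + (c <<< 8) + d
      _ -> nil
    end
  end
end

peer = "127.0.0.1"                 # proxy on the same machine, as in the issue
xff = "10.1.1.28"                  # header value quoted in the issue
configured = ["127.0.0.1/32"]      # the proxies: option from the issue

# Reserved ranges appended to the proxy list: the private hop counts as a proxy.
with_reserved = ForwardedModel.client_ip(peer, xff, configured ++ ForwardedModel.reserved())
# Only the configured proxy: the private hop is taken as the client.
without_reserved = ForwardedModel.client_ip(peer, xff, configured)

IO.inspect(with_reserved, label: "with reserved")
IO.inspect(without_reserved, label: "without reserved")
# Path restriction from the issue: is the resolved client inside 10.1.0.0/16?
IO.inspect(ForwardedModel.in_cidr?(without_reserved, "10.1.0.0/16"), label: "allowed")
```

A subnet check built on the resolved address is only as trustworthy as the path to the application: it holds when the listed proxy is the only peer that can reach the endpoint and that proxy sets the header itself.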