Open heapstack-developer opened 3 years ago
@Tratcher please review
Yeah, it's a complicated flow and an execution example would help. There's the start of one here that shows the setup: https://github.com/dotnet/AspNetCore.Docs/blob/master/aspnetcore/host-and-deploy/proxy-load-balancer.md#forwarded-headers-middleware-options (I'm ignoring the X-Forwarded-For-My-Custom-Header-Name setting...)
Next you'd need to specify the initial values for RemoteIpAddress, Scheme, and Host (127.0.10.1
, http
, and internalhost
). These represent the connection to the most immediate proxy.
Now you need some headers: X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3 X-Forwarded-Proto: https, http X-Forwarded-Host: publicdomain.org, middletier.mydomain
Now for the flow:
127.0.10.1
, http
, and internalhost
). 127.0.10.1
is on the KnownProxies
list so we trust it and continue.3.3.3.3
,http
, mymiddltier.mydomain
. 3.3.3.3 is not on the KnownProxies
list so processing stops and these values get assigned to RemoteIpAddress, Scheme, and Host.If I added 3.3.3.3
to the KnownProxies
list then it would have continued on to the next set.
2.2.2.2
, https
, publicdomain.org
. Now we hit two stops, 2.2.2.2
isn't on the KnownProxies list and we've hit the ForwardLimit of 2, so these values are assigned to the request and processing stops.Also note that values are removed from the x-forwarded- headers as they're processed, and old values are stored in x-original- headers.
Hi,
The description about
HttpContext.Connection.RemoteIpAddress
is a little bit confusing. I would suggest putting an example of how it exactly works including also theoptions.ForwardLimit
.Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.