Rick-Anderson
commented
3 years ago @Tratcher please review
Open heapstack-developer opened 3 years ago
Rick-Anderson
commented
3 years ago @Tratcher please review
Tratcher
commented
3 years ago Yeah, it's a complicated flow and an execution example would help. There's the start of one here that shows the setup: https://github.com/dotnet/AspNetCore.Docs/blob/master/aspnetcore/host-and-deploy/proxy-load-balancer.md#forwarded-headers-middleware-options (I'm ignoring the X-Forwarded-For-My-Custom-Header-Name setting...)
Next you'd need to specify the initial values for RemoteIpAddress, Scheme, and Host (127.0.10.1, http, and internalhost). These represent the connection to the most immediate proxy.
Now you need some headers: X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3 X-Forwarded-Proto: https, http X-Forwarded-Host: publicdomain.org, middletier.mydomain
Now for the flow:
127.0.10.1, http, and internalhost). 127.0.10.1 is on the KnownProxies list so we trust it and continue.3.3.3.3,http, mymiddltier.mydomain. 3.3.3.3 is not on the KnownProxies list so processing stops and these values get assigned to RemoteIpAddress, Scheme, and Host.If I added 3.3.3.3 to the KnownProxies list then it would have continued on to the next set.
2.2.2.2, https, publicdomain.org. Now we hit two stops, 2.2.2.2 isn't on the KnownProxies list and we've hit the ForwardLimit of 2, so these values are assigned to the request and processing stops.Also note that values are removed from the x-forwarded- headers as they're processed, and old values are stored in x-original- headers.
Hi,
The description about
HttpContext.Connection.RemoteIpAddressis a little bit confusing. I would suggest putting an example of how it exactly works including also theoptions.ForwardLimit.Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.