search

sereneblue / chameleon

WebExtension port of Random Agent Spoofer
https://sereneblue.github.io/chameleon
GNU General Public License v3.0
521 stars 53 forks source link

Replace X-Forwarded-For/Via by Forwarded Standard #567

Open kekkc opened 1 year ago

kekkc commented 1 year ago

Hi,

new Cloudflare checkings fail if X-Forwarded-For/Via is spoofed. In addition sites discontinue to load with it, e.g. https://www.daz3d.com/forums/discussion/235556/mud-shaders . Problem: currently X-Forwarded-For/Via are both send with the same IP, although X-Forwarded-For should describe the client, while Via should describe the proxy.

However, the new standard header is forwarded and it's suggested to replace X-Forwarded-For/Via with Forwarded: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded

X-Forwarded-For: 192.0.2.172
Forwarded: for=192.0.2.172

X-Forwarded-For: 192.0.2.43, "[2001:db8:cafe::17]"
Forwarded: for=192.0.2.43, for="[2001:db8:cafe::17]"

Would be awesome if this could be included in Chameleon.

EDIT: more & more standard application use forwarded instead of x-forwarded-*, e.g. HAProxy https://github.com/haproxy/haproxy/issues/575

sereneblue commented 1 year ago

Thank @kekkc! I wasn't aware that there's a new standard for this. This is something I can add in a future update.