Sockopt config: Add trustedXForwardedFor (for XHTTP, WS, HU inbounds) (#5331)

Fixes https://github.com/XTLS/Xray-core/pull/5101#issuecomment-3404979909
RPRX
2025-11-23 01:09:49 +00:00
committed by GitHub
parent d41840132a
commit 2969a189e6
8 changed files with 119 additions and 67 deletions
+19 -7
@@ -21,9 +21,10 @@ import (
)
type requestHandler struct {
host string
path string
ln *Listener
host string
path string
ln *Listener
socketSettings *internet.SocketConfig
}
var replacer = strings.NewReplacer("+", "-", "/", "_", "=", "")
@@ -64,7 +65,17 @@ func (h *requestHandler) ServeHTTP(writer http.ResponseWriter, request *http.Req
return
}
forwardedAddrs := http_proto.ParseXForwardedFor(request.Header)
var forwardedAddrs []net.Address
if h.socketSettings != nil && len(h.socketSettings.TrustedXForwardedFor) > 0 {
for _, key := range h.socketSettings.TrustedXForwardedFor {
if len(request.Header.Values(key)) > 0 {
forwardedAddrs = http_proto.ParseXForwardedFor(request.Header)
break
}
}
} else {
forwardedAddrs = http_proto.ParseXForwardedFor(request.Header)
}
remoteAddr := conn.RemoteAddr()
if len(forwardedAddrs) > 0 && forwardedAddrs[0].Family().IsIP() {
remoteAddr = &net.TCPAddr{
@@ -132,9 +143,10 @@ func ListenWS(ctx context.Context, address net.Address, port net.Port, streamSet
l.server = http.Server{
Handler: &requestHandler{
host: wsSettings.Host,
path: wsSettings.GetNormalizedPath(),
ln: l,
host: wsSettings.Host,
path: wsSettings.GetNormalizedPath(),
ln: l,
socketSettings: streamSettings.SocketSettings,
},
ReadHeaderTimeout: time.Second * 4,
MaxHeaderBytes: 8192,
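Review bot: In ServeHTTP the new gate only tests that a header named in `TrustedXForwardedFor` is present (`len(request.Header.Values(key)) > 0`); its value is never checked, and the `else` branch still parses X-Forwarded-For from any peer when the list is empty or `socketSettings` is nil. The option is therefore only as strong as the front proxy's guarantee that it strips or overwrites those header names on client requests, and the default remains trust-everything. The address used afterwards is `forwardedAddrs[0]`, which, assuming ParseXForwardedFor keeps header order, is the entry furthest from this server in an appended chain. I would state the contract at the branch, e.g. `// Honour X-Forwarded-For only when a header named in TrustedXForwardedFor is present; the front proxy must strip these names from client requests. Empty list keeps the legacy behaviour: X-Forwarded-For is trusted from any peer.` The commit title applies the same option to the XHTTP and HU inbounds, so if those files repeat this loop, a shared helper would keep the three checks from drifting; ServeHTTP's body starts and ends outside the hunk.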