mirror of
https://github.com/XTLS/Xray-core.git
synced 2026-07-02 17:58:46 +00:00
Sockopt config: Add trustedXForwardedFor (for XHTTP, WS, HU inbounds) (#5331)
Fixes https://github.com/XTLS/Xray-core/pull/5101#issuecomment-3404979909
This commit is contained in:
@@ -21,9 +21,10 @@ import (
|
||||
)
|
||||
|
||||
type requestHandler struct {
|
||||
host string
|
||||
path string
|
||||
ln *Listener
|
||||
host string
|
||||
path string
|
||||
ln *Listener
|
||||
socketSettings *internet.SocketConfig
|
||||
}
|
||||
|
||||
var replacer = strings.NewReplacer("+", "-", "/", "_", "=", "")
|
||||
@@ -64,7 +65,17 @@ func (h *requestHandler) ServeHTTP(writer http.ResponseWriter, request *http.Req
|
||||
return
|
||||
}
|
||||
|
||||
forwardedAddrs := http_proto.ParseXForwardedFor(request.Header)
|
||||
var forwardedAddrs []net.Address
|
||||
if h.socketSettings != nil && len(h.socketSettings.TrustedXForwardedFor) > 0 {
|
||||
for _, key := range h.socketSettings.TrustedXForwardedFor {
|
||||
if len(request.Header.Values(key)) > 0 {
|
||||
forwardedAddrs = http_proto.ParseXForwardedFor(request.Header)
|
||||
break
|
||||
}
|
||||
}
|
||||
} else {
|
||||
forwardedAddrs = http_proto.ParseXForwardedFor(request.Header)
|
||||
}
|
||||
remoteAddr := conn.RemoteAddr()
|
||||
if len(forwardedAddrs) > 0 && forwardedAddrs[0].Family().IsIP() {
|
||||
remoteAddr = &net.TCPAddr{
|
||||
@@ -132,9 +143,10 @@ func ListenWS(ctx context.Context, address net.Address, port net.Port, streamSet
|
||||
|
||||
l.server = http.Server{
|
||||
Handler: &requestHandler{
|
||||
host: wsSettings.Host,
|
||||
path: wsSettings.GetNormalizedPath(),
|
||||
ln: l,
|
||||
host: wsSettings.Host,
|
||||
path: wsSettings.GetNormalizedPath(),
|
||||
ln: l,
|
||||
socketSettings: streamSettings.SocketSettings,
|
||||
},
|
||||
ReadHeaderTimeout: time.Second * 4,
|
||||
MaxHeaderBytes: 8192,
|
||||
|
||||
Reference in New Issue
Block a user