# HG changeset patch # User Kim Alvefur # Date 1685822000 -7200 # Node ID f45a29b32f7a4abfff9eca229b2246a7cfeb1c1c # Parent d043834f15d20d009ca8c549c035d2a6d7bda2e7 mod_http: Make RFC 7239 Forwarded opt-in for now to be safe Supporting both methods at the same time may open to spoofing attacks, whereby a client sends a Forwarded header that is not stripped by a reverse proxy, leading Prosody to use that instead of the X-Forwarded-* headers actually sent by the proxy. By only supporting one at a time, it can be configured to match what the proxy uses. Disabled by default since implementations are sparse and X-Forwarded-* are everywhere. diff -r d043834f15d2 -r f45a29b32f7a CHANGES --- a/CHANGES Sat Jun 03 17:10:04 2023 +0200 +++ b/CHANGES Sat Jun 03 21:53:20 2023 +0200 @@ -42,7 +42,7 @@ - mod_blocklist: New option 'migrate_legacy_blocking' to disable migration from mod_privacy - Ability to use SQLite3 storage using LuaSQLite3 instead of LuaDBI - Moved all modules into the Lua namespace `prosody.` -- Forwarded header from RFC 7239 supported +- Forwarded header from RFC 7239 supported, disabled by default ## Removed diff -r d043834f15d2 -r f45a29b32f7a plugins/mod_http.lua --- a/plugins/mod_http.lua Sat Jun 03 17:10:04 2023 +0200 +++ b/plugins/mod_http.lua Sat Jun 03 21:53:20 2023 +0200 @@ -333,10 +333,16 @@ break end end + end - -- Ignore legacy X-Forwarded-For and X-Forwarded-Proto, handling both seems unfeasible. - return ip, secure; - end + return ip, secure; +end + +-- TODO switch to RFC 7239 by default once support is more common +if module:get_option_boolean("http_legacy_x_forwarded", true) then +function get_forwarded_connection_info(request) --> ip:string, secure:boolean + local ip = request.ip; + local secure = request.secure; -- set by net.http.server local forwarded_for = request.headers.x_forwarded_for; if forwarded_for then @@ -360,6 +366,7 @@ return ip, secure; end +end module:wrap_object_event(server._events, false, function (handlers, event_name, event_data) local request = event_data.request;