3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-31 01:47:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

new skip_xff_append option (#1788)

Browse source 
Added `skip_xff_append` configuration option. When set, proxy would not append it's IP address to `x-forwarded-for` HTTP header.
This commit is contained in:
wasaga 2021-01-20 10:56:29 -05:00 committed by GitHub
parent d9699cbcb9
commit c6b6141d12
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 136 additions and 93 deletions
Download patch file Download diff file Expand all files Collapse all files

8
config/options.go
View file

@ -268,6 +268,10 @@ type Options struct {
viper *viper.Viper
AutocertOptions `mapstructure:",squash" yaml:",inline"`
// SkipXffAppend instructs proxy not to append its IP address to x-forwarded-for header.
// see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers.html?highlight=skip_xff_append#x-forwarded-for
SkipXffAppend bool `mapstructure:"skip_xff_append" yaml:"skip_xff_append,omitempty" json:"skip_xff_append,omitempty"`
}
type certificateFilePair struct {
@ -311,6 +315,7 @@ var defaultOptions = Options{
Folder: dataDir(),
},
DataBrokerStorageType: "memory",
SkipXffAppend: false,
}
// NewDefaultOptions returns a copy the default options. It's the caller's
@ -938,6 +943,9 @@ func (o *Options) ApplySettings(settings *config.Settings) {
if settings.AutocertDir != nil {
o.AutocertOptions.Folder = settings.GetAutocertDir()
}
if settings.SkipXffAppend != nil {
o.SkipXffAppend = settings.GetSkipXffAppend()
}
}
// handleConfigUpdate takes configuration file, an existing options struct, and