@InterN0te
Contributor

Add trusted proxies

This pull request adds a parameter allowing the specification of a list of trusted proxies for which the X-Forwarded-For header will be used. This enhances security and management of IP addresses from trusted proxies.

Changes Made:

client/src/pages/config/users/configman.jsx :

  • Added the TrustedProxies field in the configuration form.
  • Handled the list of trusted proxies to generate a comma-separated string.
  • Added logic to process the conversion of the string into an IP address list.

client/src/utils/locales/en/translation.json :

  • Added labels and helper texts for trusted proxies in English.

client/src/utils/locales/fr/translation.json :

  • Added labels and helper texts for trusted proxies in French.

src/httpServer.go :

  • Updated server configuration to include the ClientRealIP middleware.

src/proxy/shield.go :

  • Updated logic to use IP addresses from X-Forwarded-For headers only if they come from trusted proxies.

src/utils/middleware.go :

  • Updated ClientRealIP middleware to use trusted proxies.
  • Updated middlewares BlockBannedIPs, BlockByCountryMiddleware, BlockPostWithoutReferer, EnsureHostname, and EnsureHostnameCosmosAPI to use IP addresses from trusted proxies.

src/utils/types.go :

  • Added TrustedProxies field to the HTTP configuration.

src/utils/utils.go :

  • Added IsTrustedProxy function to check if an IP address is in the trusted proxies list.
  • Updated GetClientIP function to use X-Forwarded-For only if it comes from a trusted proxy.

Note

I accidentally deleted PR #339, so here we go again

@cla-bot cla-bot bot added the cla-signed label Jan 21, 2025
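
The rule the pull request describes (use X-Forwarded-For only when the request arrives from a trusted proxy), as an added Go example that is not the PR's or the project's code. `isTrusted` and `clientIP` are hypothetical names, and walking the header right to left to the first untrusted hop is an assumption that goes beyond what the description states.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// isTrusted checks a against a comma-separated IP/CIDR list; bad entries never match.
func isTrusted(a netip.Addr, list string) bool {
	for _, item := range strings.Split(list, ",") {
		item = strings.TrimSpace(item)
		if p, err := netip.ParsePrefix(item); err == nil && p.Contains(a) {
			return true
		}
		if ip, err := netip.ParseAddr(item); err == nil && ip.Unmap() == a {
			return true
		}
	}
	return false
}

// clientIP trusts X-Forwarded-For only when the TCP peer is a trusted proxy, then
// walks it right to left to the first untrusted hop. Invalid RemoteAddr gives a zero Addr.
func clientIP(r *http.Request, trusted string) netip.Addr {
	ap, _ := netip.ParseAddrPort(r.RemoteAddr)
	peer := ap.Addr().Unmap()
	if !isTrusted(peer, trusted) {
		return peer // direct client: ignore any X-Forwarded-For it sent
	}
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		a, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // empty or malformed entry: fall back to the proxy address
		}
		if a = a.Unmap(); !isTrusted(a, trusted) {
			return a
		}
	}
	return peer
}

func main() {
	// Constructed request: the client forged "1.2.3.4"; the proxy appended the real peer.
	r := &http.Request{RemoteAddr: "10.0.0.5:4242", Header: http.Header{}}
	r.Header.Set("X-Forwarded-For", "1.2.3.4, 203.0.113.7")
	fmt.Println(clientIP(r, "10.0.0.0/8, 192.168.1.1")) // 203.0.113.7
}
```

Callers should check `IsValid()` on the result before using it in a ban list or geo lookup.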
"mgmt.config.http.hostnameInput.HostnameValidation": "Le nom d'hôte est obligatoire",
"mgmt.config.http.publishMDNSCheckbox": "Cela vous permet de publier votre serveur sur votre réseau local en utilisant mDNS. Cela signifie que tous vos domaines .local seront disponibles sur votre réseau local sans configuration supplémentaire.",
"mgmt.config.http.trustedProxiesInput.trustedProxiesLabel": "Trusted proxies allow X-Forwarded-For from IP/IP range.",
"mgmt.config.http.trustedProxiesInput.trustedProxiesHelperText": "Use this setting when you have an upstream proxy server to avoid it being blocked by Shield. IPs or IP ranges separated by commas.",
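
Review bot: the two trustedProxiesInput values at the end of this hunk are English, while the entries just above them (hostnameInput.HostnameValidation, publishMDNSCheckbox) are French, so both strings need translating for the French locale. The helper text also only says the setting keeps an upstream proxy from being blocked by Shield; consider stating that X-Forwarded-For is accepted from every listed address, so the list should contain only proxies the operator controls.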
Owner

You added English into the French file :p

Contributor Author

Should be good now!

InterN0te and others added 3 commits February 1, 2025 20:35
Remove unwanted edition of last line
@InterN0te InterN0te closed this by deleting the head repository Jan 9, 2026