Why does `ForwardedHeadersTrustedIPs` exists ? Isn't it Traefik's `forwardedHeaders->trustedIPs` job ?

Hello,

I see that the traefik plugin has a [`ForwardedHeadersTrustedIPs` directive](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/734975c206fb3fa46833ef96b054ed512bb03baf/README.md?plain=1#L413C3-L413C29) that seems to be required when working with an upstream (lb, rp, cdn etc.).

However, Traefik itself has both [`forwardedHeaders.trustedIPs`](https://doc.traefik.io/traefik/routing/entrypoints/?utm_source=chatgpt.com#forwarded-headers)  and [`proxyProtocol.trustedIPs`](https://doc.traefik.io/traefik/routing/entrypoints/?utm_source=chatgpt.com#forwarded-headers) directives.

I would have expected the latest to override the source IP (as it commonly happens in ie. nginx when x-forwarded-for is configured). If the natif traefik directives are used, is `ForwardedHeadersTrustedIPs` still needed ?

It might simply be my lack of knowledge about traefik, Thanks!

PS: I'm asking because I'm trying to update CrowdSec's official Traefik documentation, and this seems like a common pitfall.

 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Why does `ForwardedHeadersTrustedIPs` exists ? Isn't it Traefik's `forwardedHeaders->trustedIPs` job ? #264

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Why does ForwardedHeadersTrustedIPs exists ? Isn't it Traefik's forwardedHeaders->trustedIPs job ? #264

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

Why does `ForwardedHeadersTrustedIPs` exists ? Isn't it Traefik's `forwardedHeaders->trustedIPs` job ? #264