X-Forwarded-For Header Not Working Properly with Proxy Protocol Enabled #14048
4406arthur
started this conversation in
Ideas and feature requests
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Environment
Problem Statement
When running Kong Gateway with both a standard HTTP port (8000) and a Proxy Protocol enabled port (8080), the X-Forwarded-For header handling needs improvement to work correctly in both scenarios.
Currently, the
$upstream_x_forwarded_for
variable is set uniformly without considering the presence of$proxy_protocol_addr
, which causes inconsistent behavior when requests come through the Proxy Protocol enabled port.Current Behavior
The current implementation in
kong/runloop/handler.lua
doesn't handle the Proxy Protocol case specifically, leading to potentially incorrect client IP propagation.Default nginx configuration:
Proposed Solution
Implement a failover mechanism that prioritizes
proxy_protocol_addr
when available. Here's the proposed logic change:Expected Behavior
proxy_protocol_addr
as the X-Forwarded-For valueAdditional Context
This change would improve the accuracy of client IP tracking when using mixed port configurations, especially in environments where Proxy Protocol is used for certain traffic patterns.
Related Links
Tags
enhancement
proxy-protocol
x-forwarded-for
networking
Beta Was this translation helpful? Give feedback.
All reactions