request help: How to close X-Forwarded* and X-Real-IP in requests

[Applenice]

Issue description

I don't want X-Forwarded* and X-Real-IP to appear in APISIX proxy rewrite requests, how do I configure it? I found no relevant information.

Is there a way to add, but not a way to close? I tried to configure proxy protocol in config.yaml, but it didn't work.
#1113

Environment

• apisix version (cmd: apisix version):

$ git branch -v
* master c1ac7d6 docs: add a English link of node-status.md (#2753)

[tokers]

@Applenice See https://github.com/apache/apisix/blob/master/doc/plugins/proxy-rewrite.md for details. Just some snippets reference:

headers	object	optional			Forward to the new headers of the upstream, can set up multiple. If it exists, will rewrite the header, otherwise will add the header. You can set the corresponding value to an empty string to remove a header.

[tokers]

@Applenice See https://github.com/apache/apisix/blob/master/doc/plugins/proxy-rewrite.md for details. Just some snippets reference:

headers
object
optional
 
 
Forward to the new headers of the upstream, can set up multiple. If it exists, will rewrite the header, otherwise will add the header. You can set the corresponding value to an empty string to remove a header.

Sorry, these headers are set explicitly in the nginx.conf template, which always passed to upstream.

[tokers]

@Applenice Could you introduce your demands why these headers shouldn't be passed?

[tokers]

We may need to add some notes in document of plugin proxy-rewrite to state that several headers can not be overridden/deleted by proxy-rewrite plugin (if we don't modify the existing features).

[starsz]

Hi, I think there is a temporary solution.

If your apisix version is earlier than or equal to 2.0, you can change your /bin/apisix, comment the line like this

#proxy_set_header   X-Forwarded-For      $var_x_forwarded_for;
#proxy_set_header   X-Forwarded-Proto    $var_x_forwarded_proto;
#proxy_set_header   X-Forwarded-Host     $var_x_forwarded_host;
#proxy_set_header   X-Forwarded-Port     $var_x_forwarded_port;
#proxy_set_header   X-Real-IP         $remote_addr;

and reload the apisix.

If your apisix is on the master branch, you should do the same things as above on apisix/cli/ngx_tpl.lua

[Applenice]

@Applenice Could you introduce your demands why these headers shouldn't be passed?

X-Forwarded* and X-Real-IP should be configurable, even if enabled by default, and should provide a way to disable it, for the following reasons that I can think of:

• Upstream services don't care about this information.
• The upstream service is provided by a different person or vendor and the user does not want the upstream to know this information.

[Applenice]

Hi, I think there is a temporary solution.

If your apisix version is earlier than or equal to 2.0, you can change your /bin/apisix, comment the line like this

#proxy_set_header   X-Forwarded-For      $var_x_forwarded_for;
#proxy_set_header   X-Forwarded-Proto    $var_x_forwarded_proto;
#proxy_set_header   X-Forwarded-Host     $var_x_forwarded_host;
#proxy_set_header   X-Forwarded-Port     $var_x_forwarded_port;
#proxy_set_header   X-Real-IP         $remote_addr;

and reload the apisix.

If your apisix is on the master branch, you should do the same things as above on apisix/cli/ngx_tpl.lua

Thank you for your response, I have tested this method as a temporary solution.

[github-actions]

This issue has been marked as stale due to 350 days of inactivity. It will be closed in 2 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.

[github-actions]

This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.