
fix: X-Forwarded-For spoofing attack; use X-Real-IP
proffapt committed Jul 4, 2024
1 parent 37a902e commit fa415e6
Showing 2 changed files with 3 additions and 2 deletions.
4 changes: 2 additions & 2 deletions main.go
Expand Up @@ -63,7 +63,7 @@ func LoggerMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
recorder := &responseRecorder{w, http.StatusOK, 0}
next.ServeHTTP(recorder, r)
log.Printf("INFO:\t%s - %q %s %d %s\n", r.Header.Get("X-Forwarded-For"), r.Method, r.RequestURI, recorder.status, http.StatusText(recorder.status))
log.Printf("INFO:\t%s - %q %s %d %s\n", r.Header.Get("X-Real-IP"), r.Method, r.RequestURI, recorder.status, http.StatusText(recorder.status))
})
}

Expand Down Expand Up @@ -124,7 +124,7 @@ func generateOtp(user User) (bool, error) {
}

func handleCampusCheck(res http.ResponseWriter, req *http.Request) {
clientIP := req.Header.Get("X-Forwarded-For")
clientIP := req.Header.Get("X-Real-IP")
if strings.Contains(clientIP, ",") {
ips := strings.Split(clientIP, ",")
clientIP = strings.TrimSpace(ips[0])
Expand Down
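Review bot: In handleCampusCheck (second hunk) the value of `X-Real-IP` is still taken on trust with no check that the request actually came through the proxy, so the spoofing fix only holds while the Go listener is unreachable except via nginx; if the process is bound to a routable address, a caller can hit it directly and set `X-Real-IP` itself, exactly as with the old header. I cannot see how the server listens from this commit, so this is worth confirming, and a cheap hardening is to fall back to the peer address when the header is missing rather than failing open on an empty string: `if clientIP == "" { clientIP, _, _ = net.SplitHostPort(req.RemoteAddr) }` (with an error check in real code). The comma-splitting on the lines after the change looks like a leftover from `X-Forwarded-For`; with nginx setting the header to `$remote_addr` it never carries a list, so either drop it or leave a comment saying why it stays. handleCampusCheck continues outside the hunk; the same trust assumption applies to the logger line in the first hunk.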
1 change: 1 addition & 0 deletions metaploy/heimdall.metaploy.conf
Expand Up @@ -7,5 +7,6 @@ server {

location / {
proxy_pass http://heimdall_server;
proxy_set_header X-Real-IP $remote_addr;
}
}

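Review bot: `proxy_set_header X-Real-IP $remote_addr;` makes the header trustworthy only if this nginx is the first hop; if it sits behind another proxy or load balancer, `$remote_addr` is that hop's address and the campus check downstream will see the wrong client. If that is the deployment, the usual approach is the realip module with `set_real_ip_from` restricted to the upstream proxy's address and `real_ip_header X-Forwarded-For;`, so `$remote_addr` is rewritten only for requests from a trusted source. A one-line comment above the directive noting that the application relies on this header for access control would help the next person editing the config. The enclosing `server` block starts outside the hunk.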