cmd/anubis: set X-Real-Ip based on X-Forwarded-For (#63)

techaro.lol / anubis

fork atom

Weighs the soul of incoming HTTP requests to stop AI crawlers

fork atom

This triggers a SHAME release[0].

[0]: https://pridever.org/

authored by

Xe Iaso and committed by

GitHub 11 months ago 07e66954 a9777a31

+27 -1

6 changed files

expand all

unified split

VERSION

cmd

anubis

main.go

docs

CHANGELOG.md

go.mod

go.sum

internal

headers.go

+1 -1

VERSION

··· 1 - 1.14.0 1 + 1.14.1

cmd/anubis/main.go

··· 214 214 var h http.Handler 215 215 h = mux 216 216 h = internal.DefaultXRealIP(*debugXRealIPDefault, h) 217 + h = internal.XForwardedForToXRealIP(h) 217 218 218 219 srv := http.Server{Handler: h} 219 220 listener, url := setupListener(*bindNetwork, *bind)

docs/docs/CHANGELOG.md

··· 11 11 12 12 ## [Unreleased] 13 13 14 + ## v1.14.1 15 + 16 + Livia sas Junius: Echo 1 17 + 18 + - Set the `X-Real-Ip` header based on the contents of `X-Forwarded-For` 19 + [#62](https://github.com/TecharoHQ/anubis/issues/62) 20 + 14 21 ## v1.14.0 15 22 16 23 Livia sas Junius

go.mod

··· 34 34 github.com/prometheus/client_model v0.6.1 // indirect 35 35 github.com/prometheus/common v0.62.0 // indirect 36 36 github.com/prometheus/procfs v0.15.1 // indirect 37 + github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a // indirect 37 38 golang.org/x/mod v0.24.0 // indirect 38 39 golang.org/x/net v0.37.0 // indirect 39 40 golang.org/x/sync v0.12.0 // indirect

go.sum

··· 59 59 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= 60 60 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= 61 61 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= 62 + github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a h1:iLcLb5Fwwz7g/DLK89F+uQBDeAhHhwdzB5fSlVdhGcM= 63 + github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a/go.mod h1:wozgYq9WEBQBaIJe4YZ0qTSFAMxmcwBhQH0fO0R34Z0= 62 64 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 63 65 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 64 66 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=

+15

internal/headers.go

··· 5 5 "net/http" 6 6 7 7 "github.com/TecharoHQ/anubis" 8 + "github.com/sebest/xff" 8 9 ) 9 10 10 11 // UnchangingCache sets the Cache-Control header to cache a response for 1 year if ··· 33 34 next.ServeHTTP(w, r) 34 35 }) 35 36 } 37 + 38 + // XForwardedForToXRealIP sets the X-Real-Ip header based on the contents 39 + // of the X-Forwarded-For header. 40 + func XForwardedForToXRealIP(next http.Handler) http.Handler { 41 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 42 + if xffHeader := r.Header.Get("X-Forwarded-For"); r.Header.Get("X-Real-Ip") == "" && xffHeader != "" { 43 + ip := xff.Parse(xffHeader) 44 + slog.Debug("setting x-real-ip", "val", ip) 45 + r.Header.Set("X-Real-Ip", ip) 46 + } 47 + 48 + next.ServeHTTP(w, r) 49 + }) 50 + }