mirror of https://github.com/thib8956/nginx-proxy synced 2025-06-30 22:05:46 +00:00

Merge pull request #1927 from rhansen/untrusted-headers

feat: Option to not trust `X-Forwarded-*` headers from clients
Nicolas Duchon
2022-12-26 20:47:05 +01:00
committed by GitHub
11 changed files with 243 additions and 6 deletions


@ -6,6 +6,7 @@
{{ $debug_all := $.Env.DEBUG }}
{{ $sha1_upstream_name := parseBool (coalesce $.Env.SHA1_UPSTREAM_NAME "false") }}
{{ $default_root_response := coalesce $.Env.DEFAULT_ROOT "404" }}
{{ $trust_downstream_proxy := parseBool (coalesce $.Env.TRUST_DOWNSTREAM_PROXY "true") }}
{{ define "ssl_policy" }}
{{ if eq .ssl_policy "Mozilla-Modern" }}
@ -150,14 +151,14 @@ upstream {{ .Upstream }} {
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
default {{ if $trust_downstream_proxy }}$http_x_forwarded_proto{{ else }}$scheme{{ end }};
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
default {{ if $trust_downstream_proxy }}$http_x_forwarded_port{{ else }}$server_port{{ end }};
'' $server_port;
}