[ENHANCEMENTS] Automatically pass through the real IP instead of the cloudflare IP's #676
Comments
|
@hax4dazy No it do pass down the real-ip as You can try tinkering with the custom header and pass the remote IP manually to see if it helps. |
|
Well when i was on nginx it worked fine when adding the real_ip_header X-Forwarded-For; header's. When I switched to zoraxy it stopped working so I doubt its a setup issue, nothing has changed apart from my forwarder |
|
@hax4dazy Maybe this is another case of where open source projects just dont follow the |
|
Could you tell me how? I'm a bit stupid when it comes to headers and adding / removing custom headers. |
|
@hax4dazy Something like this |
|
I tried that but it didn't work. This is me logging in with fake credentials that don't exist |
|
@tobychui under https://github.com/tobychui/zoraxy/wiki/Custom-Headers there is a mention of $remote_addr rather than $remote_ip (which you mentioned here), is this a custom thing? Can i use it without worries, as $remote_addr did not do anything for me? |
|
@elsherif896 This is an experimental variable I added into the recent pre-release for removing the port number from |
|
Apologies if I'm being lazy necessarily and this has either been discussed here or is already a feature. This kind of thing usually needs a specific trust system specifically for the IP headers from upstream proxies. How I'd suggest this probably works in the future at some stage is that Zoraxy adds a list of trusted proxies, then when a request comes through a well known variable is set (maybe It may even be worth having a set of "completely trusted" proxies where headers like X-Forwarded-For are trusted to have completely correct information, and "partially trusted" proxies where headers like X-Forwarded-For are iterated over until the first untrusted IP is found (which would be the client IP since all previous IP's were partially trusted proxies). |
Is your feature request related to a problem? Please describe.
Currently, my home assistant is getting flooded with pings / bad logins. It shows the cloudflare relay IP address instead of the actual IP.
Describe the solution you'd like
Since zoraxy can block / ban IP's it would be nice if the real IP addresses was passed down so that I can just ban them.
Describe alternatives you've considered
N/A
Additional context
Not sure if this already exists, it clearly does for Zoraxy itself but it doesn't yet pass the real IP's down
The text was updated successfully, but these errors were encountered: