Use the X-Forwarded-For address in response logs if set.#881
Use the X-Forwarded-For address in response logs if set.#881rolandjitsu wants to merge 1 commit intobuchgr:masterfrom
Conversation
rolandjitsu
force-pushed
the
master
branch
7 times, most recently
from
26f7162 to
dc3c477
Compare
|
Hi, this looks like two different changes in one PR. Could you drop the container image changes from this PR and create a new PR for that? |
Will do. |
Moved the change to #882. |
| if xff := r.Header.Get("X-Forwarded-For"); xff != "" { | ||
| // XFF format: client, proxy1, proxy2 | ||
| parts := strings.Split(xff, ",") | ||
| remoteAddr = strings.TrimSpace(parts[0]) |
There was a problem hiding this comment.
Since this is untrustworthy data, I wonder if we should log it differently?
There was a problem hiding this comment.
Let me know what you recommend. The input could be sanitized before logging.
There was a problem hiding this comment.
How about if the X-Forwarded-For header is set, instead of logging r.RemoteAddr by itself we log r.RemoteAddr (X-Forwarded-For?) with a question mark to indicate that the value is uncertain?
2 participants
When running on k8s and using a proxy such as ingress-nginx, the printed host in logs is not the user's IP. This patch will read the
X-Forwarded-Forheader and use that instead of the requestr.RemoteAddrif it's set.