caddy

mirror/caddy

Fork 0

mirror of https://github.com/caddyserver/caddy.git synced 2026-02-14 09:40:56 -05:00

Commit Graph

Author	SHA1	Message	Date
XYenon	03e6e439dd	reverseproxy: fix X-Forwarded-* headers for Unix socket requests (#7463 ) When a request arrives via a Unix domain socket (RemoteAddr == "@"), net.SplitHostPort fails, causing addForwardedHeaders to strip all X-Forwarded-* headers even when the connection is trusted via trusted_proxies_unix. Handle Unix socket connections before parsing RemoteAddr: if untrusted, strip headers for security; if trusted, let clientIP remain empty (no peer IP for a Unix socket hop) and fall through to the shared header logic, preserving the existing XFF chain without appending a spurious entry. Amp-Thread-ID: https://ampcode.com/threads/T-019c4225-a0ad-7283-ac56-e2c01eae1103 Co-authored-by: Amp <amp@ampcode.com>	2026-02-10 13:00:20 -07:00
Paulo Henrique	62134d65af	reverseproxy: fix error when remote address is not an IP (#7429 )	2026-01-13 19:52:56 +00:00

Author

SHA1

Message

Date

XYenon

03e6e439dd

reverseproxy: fix X-Forwarded-* headers for Unix socket requests (#7463 )

When a request arrives via a Unix domain socket (RemoteAddr == "@"),
net.SplitHostPort fails, causing addForwardedHeaders to strip all
X-Forwarded-* headers even when the connection is trusted via
trusted_proxies_unix.

Handle Unix socket connections before parsing RemoteAddr: if untrusted,
strip headers for security; if trusted, let clientIP remain empty (no
peer IP for a Unix socket hop) and fall through to the shared header
logic, preserving the existing XFF chain without appending a spurious
entry.

Amp-Thread-ID: https://ampcode.com/threads/T-019c4225-a0ad-7283-ac56-e2c01eae1103

Co-authored-by: Amp <amp@ampcode.com>

2026-02-10 13:00:20 -07:00

Paulo Henrique

62134d65af

reverseproxy: fix error when remote address is not an IP (#7429 )

2026-01-13 19:52:56 +00:00

2 Commits