http: handle already existing X-Forwarded-For header

If an already present X-Forwarded-For header is received, concatenate the client address in the form: X-Forwarded-For: client, proxy1, proxy2 Signed-off-by: nevola <laura.garcia@zevenet.com>
2025-10-27 07:29:34 +00:00 · 2023-04-19 10:23:41 +02:00 · 2023-04-19 10:23:41 +02:00 · 8f3c1b4d66
commit 8f3c1b4d66
parent 4bc8ae9eea
3 changed files with 12 additions and 3 deletions
--- a/http.c
+++ b/http.c
@ -641,7 +641,7 @@ void do_http(thr_arg * arg)
    loc_path[MAXBUF], **headers, headers_ok[MAXHEADERS], v_host[MAXBUF],
    referer[MAXBUF], u_agent[MAXBUF], u_name[MAXBUF], caddr[MAXADDRBUFF],
    req_time[LOG_TIME_SIZE], s_res_bytes[LOG_BYTES_SIZE], *mh,
-    buf_log_tag[MAXBUF];
+    buf_log_tag[MAXBUF], h_xfwf[MAXBUF];
  char *body_buff = NULL;
  char ip_ori[MAXADDRBUFF], ip_dst[MAXADDRBUFF];
  int port_ori, port_dst;
@ -776,7 +776,7 @@ void do_http(thr_arg * arg)
    res_bytes = L0;
    is_rpc = -1;
    is_ws = 0;
-    v_host[0] = referer[0] = u_agent[0] = u_name[0] = '\0';
+    v_host[0] = referer[0] = u_agent[0] = u_name[0] = h_xfwf[0] = '\0';
    conn_closed = 0;
    for (n = 0; n < MAXHEADERS; n++)
      headers_ok[n] = 1;
@ -911,6 +911,10 @@ void do_http(thr_arg * arg)
          }
          headers_ok[n] = 0;
          break;
+        case HEADER_X_FORWARDED_FOR:
+          strcpy(h_xfwf, buf);
+          headers_ok[n] = 0;
+          break;
      }
      if (headers_ok[n] && lstn->head_off) {
        /* maybe header to be removed */
@ -1464,7 +1468,10 @@ void do_http(thr_arg * arg)
    /* put additional client IP header */
    if (cur_backend->be_type == 0) {
      addr2str(caddr, MAXADDRBUFF - 1, &from_host, 1);
-      BIO_printf(be, "X-Forwarded-For: %s\r\n", caddr);
+      if (!h_xfwf[0])
+        BIO_printf(be, "X-Forwarded-For: %s\r\n", caddr);
+	  else
+        BIO_printf(be, "X-Forwarded-For: %s, %s\r\n", h_xfwf, caddr);

      /* final CRLF */
      BIO_puts(be, "\r\n");
--- a/pound.h
+++ b/pound.h
@ -560,6 +560,7 @@ typedef enum {
 #define HEADER_EXPECT 11
 #define HEADER_STRICT_TRANSPORT_SECURITY 12
 #define HEADER_UPGRADE              13
+#define HEADER_X_FORWARDED_FOR 14

 /* control request stuff */
 typedef enum {
--- a/svc.c
+++ b/svc.c
@ -558,6 +558,7 @@ int check_header(const char *header, char *const content)
    { "Expect", 6, HEADER_EXPECT },
    { "Upgrade", 7, HEADER_UPGRADE },
    { "Strict-Transport-Security", 25, HEADER_STRICT_TRANSPORT_SECURITY },
+    { "X-Forwarded-For", 15, HEADER_X_FORWARDED_FOR },
    { "", 0, HEADER_OTHER },
  };
  int i;