Simplify X-Forwarded-For handling

This happens in asp.net middleware now

Co-Authored-By: ta264 <ta264@users.noreply.github.com>
pull/1230/head
Qstick 2 years ago
parent 1c125733b2
commit ffb3f83324

@ -126,39 +126,7 @@ namespace Prowlarr.Http.Extensions
remoteIP = remoteIP.MapToIPv4(); remoteIP = remoteIP.MapToIPv4();
} }
var remoteAddress = remoteIP.ToString(); return remoteIP.ToString();
// Only check if forwarded by a local network reverse proxy
if (remoteIP.IsLocalAddress())
{
var realIPHeader = request.Headers["X-Real-IP"];
if (realIPHeader.Any())
{
return realIPHeader.First().ToString();
}
var forwardedForHeader = request.Headers["X-Forwarded-For"];
if (forwardedForHeader.Any())
{
// Get the first address that was forwarded by a local IP to prevent remote clients faking another proxy
foreach (var forwardedForAddress in forwardedForHeader.SelectMany(v => v.Split(',')).Select(v => v.Trim()).Reverse())
{
if (!IPAddress.TryParse(forwardedForAddress, out remoteIP))
{
return remoteAddress;
}
if (!remoteIP.IsLocalAddress())
{
return forwardedForAddress;
}
remoteAddress = forwardedForAddress;
}
}
}
return remoteAddress;
} }
public static string GetHostName(this HttpRequest request) public static string GetHostName(this HttpRequest request)

Loading…
Cancel
Save