Lua script to render an unmodified X-Forwarded-For header

piger · piger · commit e2b0ce157638 · 2022-04-09T15:04:56.000+01:00
diff --git a/inner-proxy/conf/conf.d/default.conf b/inner-proxy/conf/conf.d/default.conf
@@ -12,7 +12,8 @@ server {
     }
 
     location /app {
-        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Bad-Forwarded-For  $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-For  $realip_add_x_forwarded_for;
         proxy_set_header  X-Real-IP        $remote_addr;
         proxy_pass http://backend;
     }
diff --git a/inner-proxy/conf/lua/realip-x-forwarded-for.lua b/inner-proxy/conf/lua/realip-x-forwarded-for.lua
@@ -0,0 +1,11 @@
+local _M = {}
+
+function _M.run()
+    if (ngx.var.http_x_forwarded_for == "" or ngx.var.http_x_forwarded_for == nil) then
+        ngx.var.realip_add_x_forwarded_for = ngx.var.realip_remote_addr
+    else
+        ngx.var.realip_add_x_forwarded_for = ngx.var.http_x_forwarded_for .. ", " .. ngx.var.realip_remote_addr
+    end
+end
+
+return _M
diff --git a/inner-proxy/conf/nginx.conf b/inner-proxy/conf/nginx.conf
@@ -93,6 +93,11 @@ http {
     set_real_ip_from 10.20.30.2/32;
     real_ip_header X-Forwarded-For;
 
+    map $request $realip_add_x_forwarded_for { default ""; }
+    access_by_lua_block {
+        require("realip-x-forwarded-for").run()
+    }
+
     # Include the rest of the configuration
     include /etc/nginx/conf.d/*.conf;
 }

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,8 @@ server {`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`location /app {`
`15`		`- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
	`15`	`+ proxy_set_header X-Bad-Forwarded-For $proxy_add_x_forwarded_for;`
	`16`	`+ proxy_set_header X-Forwarded-For $realip_add_x_forwarded_for;`
`16`	`17`	`proxy_set_header X-Real-IP $remote_addr;`
`17`	`18`	`proxy_pass http://backend;`
`18`	`19`	`}`