added X-Forwarded header before HTTP proxy

This commit is contained in:
tigerbot 2017-05-17 18:43:44 -06:00
parent df3a818914
commit 47bcdcf2a6
1 changed files with 24 additions and 0 deletions

View File

@ -275,6 +275,30 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
return false;
}
var index = opts.firstChunk.indexOf('\r\n\r\n');
var body = opts.firstChunk.slice(index);
var head = opts.firstChunk.slice(0, index).toString();
var headLines = head.split('\r\n');
// First strip any existing `X-Forwarded-*` headers (for security purposes?)
headLines = headLines.filter(function (line) {
return !/^x-forwarded/i.test(line);
});
// Then add our own `X-Forwarded` headers at the end.
if (conf.http.trustProxy && headers['x-forwarded-proto']) {
headLines.push('X-Forwarded-Proto: ' + headers['x-forwarded-proto']);
} else {
headLines.push('X-Forwarded-Proto: ' + conn.encrypted ? 'https' : 'http');
}
var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean);
proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress);
headLines.push('X-Forwarded-For: ' + proxyChain.join(', '));
headLines.push('X-Forwarded-Host: ' + headers.host);
// Then convert all of the head lines back into a header buffer.
head = Buffer.from(headLines.join('\r\n'));
opts.firstChunk = Buffer.concat([head, body]);
var newConnOpts = separatePort(mod.address);
newConnOpts.servername = separatePort(headers.host).host;
newConnOpts.data = opts.firstChunk;