From bd417a37956b9cc07d213e5ae1ad977cb77f4aef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Mon, 6 May 2024 14:05:12 +0800 Subject: [PATCH] =?UTF-8?q?=E7=BD=91=E7=AB=99=E5=85=A8=E5=B1=80=E8=AE=BE?= =?UTF-8?q?=E7=BD=AE=E4=B8=AD=E5=A2=9E=E5=8A=A0=E2=80=9CXFF=E4=B8=AD?= =?UTF-8?q?=E6=9C=80=E5=A4=9A=E5=9C=B0=E5=9D=80=E6=95=B0=E2=80=9D=E9=80=89?= =?UTF-8?q?=E9=A1=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/nodes/http_request.go | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/internal/nodes/http_request.go b/internal/nodes/http_request.go index 3a146a1..f472f17 100644 --- a/internal/nodes/http_request.go +++ b/internal/nodes/http_request.go @@ -1688,7 +1688,29 @@ func (this *HTTPRequest) setForwardHeaders(header http.Header) { if ok && len(forwardedFor) > 0 { // already exists _, hasForwardHeader := this.RawReq.Header["X-Forwarded-For"] if hasForwardHeader { - header["X-Forwarded-For"] = []string{strings.Join(forwardedFor, ", ") + ", " + rawRemoteAddr} + // 限制转发的XFF中地址数量 + if this.nodeConfig != nil && this.nodeConfig.GlobalServerConfig != nil && this.nodeConfig.GlobalServerConfig.HTTPAll.XFFMaxAddresses > 0 { + var maxForwardedAddresses = this.nodeConfig.GlobalServerConfig.HTTPAll.XFFMaxAddresses + if maxForwardedAddresses == 1 { + forwardedFor = nil + } else { + var forwardedAddresses []string + for _, forwardedHeader := range forwardedFor { + if len(forwardedHeader) > 0 { + forwardedAddresses = append(forwardedAddresses, strings.Split(forwardedHeader, ", ")...) + } + } + if len(forwardedAddresses) >= maxForwardedAddresses { + forwardedFor = []string{strings.Join(forwardedAddresses[:maxForwardedAddresses-1], ", ")} + } + } + } + + if len(forwardedFor) > 0 { + header["X-Forwarded-For"] = []string{strings.Join(forwardedFor, ", ") + ", " + rawRemoteAddr} + } else { + header["X-Forwarded-For"] = []string{rawRemoteAddr} + } } } else { var clientRemoteAddr = this.requestRemoteAddr(true)