Fix real IP: trust upstream forwardedHeaders in Traefik, use X-Forwarded-For[0]

2026-05-14 07:41:51 +00:00
parent 73c7d006c7
commit a4b69b0018
2 changed files with 12 additions and 4 deletions
+2 -4
@@ -67,10 +67,7 @@ logger = logging.getLogger("portal")
templates = Jinja2Templates(directory="templates")
def _get_real_ip(request) -> str:
"""Return real client IP. NPM sets X-Real-IP to the actual client IP."""
real_ip = request.headers.get("x-real-ip", "").strip()
if real_ip:
return real_ip
"""Real client IP from X-Forwarded-For (Traefik trusts NPM via trustedIPs)."""
forwarded_for = request.headers.get("x-forwarded-for", "")
if forwarded_for:
return forwarded_for.split(",")[0].strip()
@@ -494,6 +491,7 @@ async def request_access(request: Request, db: Session = Depends(get_db)):
f"{products_text}"
)
log_event("ip_headers", xff=request.headers.get("x-forwarded-for",""), xri=request.headers.get("x-real-ip",""), client=str(request.client.host if request.client else ""))
ip = _get_real_ip(request)
geo = _get_geo(ip)
geo_text = ""
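Review bot: In `_get_real_ip`, `forwarded_for.split(",")[0]` returns the left-most X-Forwarded-For entry, which a client can set itself whenever the edge proxy appends to an incoming header rather than replacing it. Nothing visible in this commit shows that NPM overwrites the header. Because `request_access` passes the result straight to `_get_geo(ip)`, the function should return the right-most entry that does not belong to one of the trusted proxies, parsed with `ipaddress` so a malformed value is never returned. The new `log_event("ip_headers", ...)` line in the second hunk also records both raw request headers on every call and looks like a diagnostic left in; drop it, or confirm that `log_event` escapes control characters. The body of `_get_real_ip` continues past the hunk, `TRUSTED_PROXY_NETS` below is a placeholder for the NPM/Traefik networks, and the sketch needs `ipaddress` imported at file level.

```python
def _get_real_ip(request) -> str:
    """Real client IP: right-most X-Forwarded-For entry not added by a trusted proxy."""
    forwarded_for = request.headers.get("x-forwarded-for", "")
    # Entries appended by our own proxies sit on the right; anything further
    # left than the first non-proxy address is client-supplied and ignored.
    hops = [part.strip() for part in forwarded_for.split(",") if part.strip()]
    for candidate in reversed(hops):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            break  # malformed entry: stop trusting the header
        if not any(addr in net for net in TRUSTED_PROXY_NETS):  # placeholder: NPM/Traefik networks
            return str(addr)
    # … unchanged: fallback after the X-Forwarded-For branch (outside the hunk) …
```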