ruslan/Stend_mont
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix real IP: trust upstream forwardedHeaders in Traefik, use X-Forwarded-For[0]

Browse Source
This commit is contained in:
Ruslan
2026-05-14 07:41:51 +00:00
parent 73c7d006c7
commit a4b69b0018
2 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/main.py
+2 -4
View File
@@ -67,10 +67,7 @@ logger = logging.getLogger("portal")
templates = Jinja2Templates(directory="templates") templates = Jinja2Templates(directory="templates")
def _get_real_ip(request) -> str: def _get_real_ip(request) -> str:
"""Return real client IP. NPM sets X-Real-IP to the actual client IP.""" """Real client IP from X-Forwarded-For (Traefik trusts NPM via trustedIPs)."""
real_ip = request.headers.get("x-real-ip", "").strip()
if real_ip:
return real_ip
forwarded_for = request.headers.get("x-forwarded-for", "") forwarded_for = request.headers.get("x-forwarded-for", "")
if forwarded_for: if forwarded_for:
return forwarded_for.split(",")[0].strip() return forwarded_for.split(",")[0].strip()
@@ -494,6 +491,7 @@ async def request_access(request: Request, db: Session = Depends(get_db)):
f"{products_text}" f"{products_text}"
) )
log_event("ip_headers", xff=request.headers.get("x-forwarded-for",""), xri=request.headers.get("x-real-ip",""), client=str(request.client.host if request.client else ""))
ip = _get_real_ip(request) ip = _get_real_ip(request)
geo = _get_geo(ip) geo = _get_geo(ip)
geo_text = "" geo_text = ""
traefik/traefik.yml
+10
View File
@@ -1,8 +1,18 @@
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
forwardedHeaders:
trustedIPs:
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
websecure: websecure:
address: ":443" address: ":443"
forwardedHeaders:
trustedIPs:
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
providers: providers:
docker: docker: