Caddy X-Forwarded Header problems after updating to 26.1.3

Started by Fórest, Today at 05:06:05 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
Today at 05:06:05 PM
Hi,

after updating to 26.1.3 I have X-Forwarded Header problems with Caddy.

Before the update the headers on a proxy backend looked like this:

Host: domain.xyz.de
X-Forwarded-For: 192.168.10.171, 192.168.100.1
X-Forwarded-Host: domain.xyz.de, domain.xyz.de
X-Forwarded-Proto: https
X-Forwarded-Server: 127.0.1.1

After the update the headers a looking like this:

Host: 192.168.100.150
X-Forwarded-For: 192.168.10.171
X-Forwarded-Host: 192.168.100.150
X-Forwarded-Server: 127.0.1.1

Under Caddy/Reverse Proxy/Headers I didn't configure any custom headers. Under General Settings/Advanced is for Client IP Headers the default X-Forwarded-For selected.

Any idea what broke this or is this a problem with the latest Caddy update?
Today at 05:35:17 PM #1
Most likely this change upstream?

https://github.com/caddyserver/caddy/pull/7454
Hardware:
DEC740
Today at 05:51:01 PM #2 Last Edit: Today at 05:52:46 PM by Patrick M. Hausen
That makes sense. I did not notice any problems at first, because I run (almost) all of my backend services over HTTP.

Only Crafty (a minecraft server manager) is via HTTPS, because they made the debatable choice to enforce HTTPS for all communication, even if a reverse proxy is in place. So be it.

Promptly web sockets stopped working. I could fix it by adding a header configuration in Caddy like this:



Activate in your handler under Transport: HTTP Headers, afterwards.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Today at 05:57:20 PM #3
Yup this looks like the right fix indeed, good that the plugin was always flexible with headers.

Im sure more users with tls skip verify will run into this over time, thanks for the screenshots :)
Hardware:
DEC740
Print
Go Up Pages1
User actions