You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "cverdela (via GitHub)" <gi...@apache.org> on 2023/05/23 09:48:59 UTC
[GitHub] [apisix] cverdela opened a new issue, #9530: help request: 请问下如何去掉X-Forwarded-For等信息 不让上游获得
cverdela opened a new issue, #9530:
URL: https://github.com/apache/apisix/issues/9530
### Description
翻译请问下如何去掉X-Forwarded-For等信息 不让上游获得
### Environment
- APISIX version (run `apisix version`):
- Operating system (run `uname -a`):
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
- etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
- APISIX Dashboard version, if relevant:
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1567636003
Some upstream services may determine whether they have been proxied or not based on the X-Forwarded-Host header and respond differently accordingly. I hope that apisix can be agnostic to this when communicating with them
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1566871710
@cverdela by the way, you can use the `serverless-post-function` plugin to achieve your goal:
```
"serverless-post-function": {
"phase": "access",
"functions" : ["return function() return require(\"apisix.core\").request.set_header(ctx, "X-Forwarded-For", ""); end"]
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access [apisix]
Posted by "kayx23 (via GitHub)" <gi...@apache.org>.
kayx23 commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1853260361
Alternatively you can [rewrite with `proxy-rewrite`](https://github.com/apache/apisix/pull/8200) to something trivial? cc: @monkeyDluffy6017
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1566591840
Take a look at the dockerfile here: https://github.com/apache/apisix-docker/blob/master/debian/Dockerfile
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access [apisix]
Posted by "dylanoy (via GitHub)" <gi...@apache.org>.
dylanoy commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-2065674070
I've tried all the suggestions mentioned above, including:
```
ngx.req.proxy_set_header('X-Forwarded-For', '127.0.0.1')`
```
```
ngx.var.var_x_forwarded_for='127.0.0.1'
```
```
require('apisix.core').request.set_header(ctx, 'X-Forwarded-For', '')
```
and using
```json
"proxy-rewrite": {
"headers": {
"remove": [
"X-Forwarded-For",
"X-Real-IP"
]
}
}
```
However, none of these methods were able to remove the X-Forwarded-For header sent to the upstream server or modify its value. I also couldn't change the value of X-Real-IP.
Finally, I found a solution by referring to the realip module. Using the following configuration, I was able to successfully modify the X-Real-IP and X-Forwarded-For headers sent to the upstream server:
```json
"serverless-post-function": {
"functions": [
"return function() local _, client = pcall(require, 'resty.apisix.client')\nclient.set_real_ip('127.0.0.1', 80); end"
],
"phase": "rewrite"
}
```
I'm sharing this here as a reference for anyone who encounters the same issue or needs to modify these two header values.
Hope everyone has a wonderful day
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1562315201
so it was a bug?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1566577033
@cverdela No this is not a bug but by design.
`forward-auth` will always be executed after `proxy-rewrite` because `forward-auth` gets executed in the `access` phase of nginx and `proxy-rewrite` gets executed in the `rewrite` phase.
<img width="851" alt="image" src="https://github.com/apache/apisix/assets/61597896/5cce73da-682e-44a9-9d66-3aca9a1c1e6f">
[Learn more](https://api7.ai/learning-center/openresty/knowledge-of-nginx-used-in-openresty#execution-phase)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1566580976
I only want to remove X-Forwarded-Host
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1566594216
Sorry, I didn't understand what you meant
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1567636351
Some upstream services may determine whether they have been proxied or not based on the X-Forwarded-Host header and respond differently accordingly. I hope that apisix can be agnostic to this when communicating with them
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1571849320
@cverdela which plugins are you using?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1560548320
If you were using forward auth or real ip plugins, you can change the plugin execution order and then retry.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1560544565
I have tried it before
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] acx-1 commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "acx-1 (via GitHub)" <gi...@apache.org>.
acx-1 commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1596839272
Hello! you can try this.It works on me. @cverdela
```lua
{
"plugins": {
"serverless-post-function": {
"phase": "access",
"functions": [
"return function() ngx.var.var_x_forwarded_for=''; end"
]
}
}
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1567650037
For example, some upstream services may have an HMAC-like verification process. They detect the X-Forwarded-Host header and assume that relevant information needs to be included in the signature. For consumers who previously made direct calls, this requires a change in behavior.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1568012389
> I want to remove X-Forwarded-Host not set it null
In theory, setting the header as an empty string i.e. `""`. should remove the header.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access [apisix]
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 closed issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
URL: https://github.com/apache/apisix/issues/9530
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1560468244
You can use `proxy-rewrite`'s `headers.remove` option.
<img width="863" alt="image" src="https://github.com/apache/apisix/assets/61597896/cbfc3667-d46c-4379-818b-a24b4c37cbd5">
https://apisix.apache.org/docs/apisix/plugins/proxy-rewrite/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1560555257
router
```
{
"name": "dgc",
"uris": ["/*"],
"upstream": {
"scheme": "http",
"type": "roundrobin",
"nodes": {
"10.154.97.26": 1
}
},
"plugins": {
"proxy-rewrite": {
"_meta": {
"priority": 1
},
"host": "10.157.95.18",
"headers": {
"remove": [
"X-Forwarded-Host"
]
}
}
}
}
```
wireshark
`Hypertext Transfer Protocol
GET /SALE/0200_012_FMHITEM_GET?page_num=1&page_size=1 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /SALE/0200_012_FMHITEM_GET?page_num=1&page_size=1 HTTP/1.1\r\n]
[GET /SALE/0200_012_FMHITEM_GET?page_num=1&page_size=1 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /SALE/0200_012_FMHITEM_GET?page_num=1&page_size=1
Request URI Path: /SALE/0200_012_FMHITEM_GET
Request URI Query: page_num=1&page_size=1
Request URI Query Parameter: page_num=1
Request URI Query Parameter: page_size=1
Request Version: HTTP/1.1
Host: 10.157.95.18\r\n
X-Real-IP: 172.27.0.1\r\n
X-Forwarded-For: 172.27.0.1\r\n
X-Forwarded-Proto: http\r\n
X-Forwarded-Host: localhost\r\n
X-Forwarded-Port: 9080\r\n
cache-control: no-cache\r\n
Postman-Token: e4db838e-b1c7-4eb9-aff5-6fba38024c09\r\n
User-Agent: PostmanRuntime/6.4.1\r\n
Accept: */*\r\n
cookie: saplb_*=(znbb-piq-01_PIQ_00)2115550; JSESSIONID=nSU_zzPOlkLzdaFeaWyzpu-pmENBiAHeRyAA_SAPXvsAyyytyaJax6W6v32HFdJ1; JSESSIONMARKID=S4KK8ADl8ke3u7R2HtHnBkpR-ppFISB03eA95HIAA\r\n
accept-encoding: gzip, deflate\r\n
\r\n
[Full request URI: http://10.157.95.18/SALE/0200_012_FMHITEM_GET?page_num=1&page_size=1]
[HTTP request 1/1]
[Response in frame: 19]
`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access [apisix]
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1853320166
@cverdela have you solved your problem?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access [apisix]
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1859640948
considered resolved
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1566597042
sorry wrong window.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1573052648
only this
```
{
"name": "dgc",
"uris": ["/*"],
"upstream": {
"scheme": "http",
"type": "roundrobin",
"nodes": {
"10.154.97.26": 1
}
},
"plugins": {
"serverless-post-function": {
"phase": "access",
"functions" : ["return function() return require(\"apisix.core\").request.set_header(ctx, \"X-Forwarded-For\", \"\"); end"]
}
}
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1567622808
I want to remove X-Forwarded-Host not set it null
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] cverdela commented on issue #9530: May I ask how to remove X-Forwarded For X-Forwarded Host and other information to prevent upstream access
Posted by "cverdela (via GitHub)" <gi...@apache.org>.
cverdela commented on issue #9530:
URL: https://github.com/apache/apisix/issues/9530#issuecomment-1569356132
nvalid request body: Expected comma or array end but found invalid token at character 394
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org