How to redact Cf-Connecting-Ip header

1. The problem I’m having:

I’m trying to strip / redact certain Headers values, but it seems it’s not working.

2. Error messages and/or full log output:

No error and the logs are ok.

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

Downloaded from Debian 12 repository.

caddy/now 2.7.6 amd64 [installed,local]
  Caddy - Powerful, enterprise-ready, open source web server with automatic HTTPS written in Go

a. System environment:

Debian 12

b. Command:

From the service

/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

d. My complete Caddy config:

{
	order coraza_waf first
}

:8443 {
	tls /home/user/.caddy/certs/cert.pem /home/user/.caddy/certs/key.pem

	file_server {
		root /home/user/.caddy/pages/
	}

	handle_errors {
		rewrite * /home/user/.caddy/pages/{err.status_code}.html
		file_server
	}

	@validHost {
		header Host gateway.x.com
	}

	@newHost {
		header Host chat.x.com
	}

	route @newHost {
		header Host "chat.x.com"
		reverse_proxy https://chat-server.internal.lan {
			header_up CF-*
			header_up Cf-*
		}
	}

	route @validHost {
		coraza_waf {
			load_owasp_crs
			directives `
			Include @coraza.conf-recommended
			Include @crs-setup.conf.example
			Include @owasp_crs/*.conf
			SecRuleEngine Off
			`
		}

		route /guacamole/* {
			header Host "guacamole.internal.lan"
			reverse_proxy http://guacamole.internal.lan:8080 {
				header_up CF-*
				header_up Cf-*
			}
		}

		route /board/* {
			header Host "chat-server.internal.lan"
			uri strip_prefix /board
			reverse_proxy https://chat-server.internal.lan:8443 {
				header_up CF-*
				header_up Cf-*
			}
		}

		route /vault/* {
			header Host "vault.internal.lan"
			uri strip_prefix /vault
			reverse_proxy https://vault.internal.lan {
				header_up CF-*
				header_up Cf-*
			}
		}

		route /siem/* {
			header Host "siem.internal.lan"
			reverse_proxy https://siem.internal.lan:5601 {
				header_up CF-*
				header_up Cf-*
			}
		}

		route /uptime/* {
			header Host "chat-server.internal.lan"
			reverse_proxy https://chat-server.internal.lan {
				header_up CF-*
				header_up Cf-*
			}
		}
	}

	log {
		format filter {
			wrap json
			fields {
				request>headers>Cf-Connecting-Ip delete
				request>headers>Cf-Ipcountry delete
			}
		}
		output file /home/user/.caddy/access.log {
			roll_keep_for 24h
			roll_keep 2
		}
	}

	header {
		-Server
		-Alt-Svc
		Server "MyRevProxy/1.0.0-beta"
		header {
			Strict-Transport-Security max-age=63072000;includeSubDomains;preload
			X-Content-Type-Options nosniff
			X-Frame-Options SAMEORIGIN
			X-Robots-Tag none
		}
	}
}

NOTE: I use coraza waf, but it is disabled at the moment of testing.
I also tried request>headers>Cf-Connecting-Ip>[0] delete, but it didn’t work.

5. Links to relevant resources:

I used the official docs, questions and answers from this forum as well.

Do you guys have any advice? Thanks in advance.

In the logs it still shows inside the json as:

 ],
      "X-Forwarded-For": [
        "172.71.114.154"
      ],
      "Cf-Connecting-Ip": [
        "x.x.x.x"
      ],
      "Sec-Fetch-Site": [
        "none"
      ],
      "Priority": [
        "u=0, i"

You want the filter log formatter to edit what’s being logged

2 Likes
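One way to check whether the headers are really gone after a reload, as an added example that is not part of the original thread: the script below reads JSON log lines, reports every place `Cf-Connecting-Ip` or `Cf-Ipcountry` still appears in the same `a>b>c` path notation the filter uses, and names the logger that emitted the line so it can be compared with the logger the filter is attached to. The sample entries, logger names and addresses are constructed for illustration.

```python
import json

# Header names the thread wants kept out of the logs (taken from the posted config).
SENSITIVE = {"cf-connecting-ip", "cf-ipcountry"}

def find_header_paths(node, path=()):
    """Yield paths, in the filter's a>b>c notation, to every sensitive key."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key.lower() in SENSITIVE:
                yield ">".join(path + (key,))
            else:
                yield from find_header_paths(value, path + (key,))
    elif isinstance(node, list):
        for item in node:
            yield from find_header_paths(item, path)

def audit_log(lines):
    """Return (line_no, logger, path) for each sensitive header still logged."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip anything that is not a one-object-per-line JSON entry
        if not isinstance(entry, dict):
            continue
        logger = entry.get("logger", "<no logger field>")
        findings.extend((line_no, logger, p) for p in find_header_paths(entry))
    return findings

# Constructed sample entries (not from the thread); IPs are documentation addresses.
SAMPLE = [
    '{"level":"info","logger":"http.log.access.log0","msg":"handled request",'
    '"request":{"host":"chat.x.com","headers":{"User-Agent":["curl/8.5.0"]}},"status":200}',
    '{"level":"info","logger":"http.log.access.log0","msg":"handled request",'
    '"request":{"headers":{"Cf-Connecting-Ip":["203.0.113.7"],"Cf-Ipcountry":["XX"]}}}',
    '{"level":"debug","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip",'
    '"request":{"headers":{"Cf-Connecting-Ip":["203.0.113.7"]}},"status":200}',
    "this line is not JSON and is skipped",
]

if __name__ == "__main__":
    for line_no, logger, path in audit_log(SAMPLE):
        print(f"line {line_no}: {path} still logged by {logger}")
```

To run it on a real file, pass the open log file (for the config above, `/home/user/.caddy/access.log`) to `audit_log` instead of `SAMPLE`.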

Thanks, I will check and get back to you!

Thanks a lot!
