"Passing through" original IPs?

Tenou · January 16, 2020, 6:44am

My Caddy version:
v1.0.4

My Caddyfile:

my.domain.com {
proxy / 192.168.16.1:80 {
websocket
transparent
}

tls my@email.com

log stdout
errors stderr

browse
gzip
}

System environment:
Ubuntu 18.04 LTS

The problem I’m having:

For the Webserver behind caddy it seems like all requests would originate from caddy instead of the original WAN-IP of the source. Therefore, caddy often gets banned for bruteforce instead of the source of the attacks.
Is there a way to “pass-through” the original IP?

Whitestrake · January 16, 2020, 6:50am

Hi @Tenou, welcome to the Caddy community!

You’re already doing it with transparent.

That preset adds the following (among other things):

header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}

So tell your app to look for the contents of either the X-Real-IP header or the X-Forwarded-For header, and you’ll have your originating IP.

system · April 15, 2020, 6:50am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.