DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor X-Forwarded-* headers

Browse source
This commit is contained in:
Manuel de Brito Fontes 2017-09-17 15:03:05 -03:00
parent f478084cd8
commit f38f49e770
5 changed files with 85 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

24
controllers/nginx/pkg/template/template.go
View file

@ -32,6 +32,7 @@ import (
"github.com/golang/glog"
"github.com/pborman/uuid"
apiv1 "k8s.io/api/core/v1"
extensions "k8s.io/api/extensions/v1beta1"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/ingress/controllers/nginx/pkg/config"
@ -158,6 +159,8 @@ var (
"buildAuthSignURL": buildAuthSignURL,
"isValidClientBodyBufferSize": isValidClientBodyBufferSize,
"buildForwardedFor": buildForwardedFor,
"trustHTTPHeaders": trustHTTPHeaders,
"trustProxyProtocol": trustProxyProtocol,
}
)
@ -657,3 +660,24 @@ func buildForwardedFor(input interface{}) string {
ffh = strings.ToLower(ffh)
return fmt.Sprintf("$http_%v", ffh)
}
func trustHTTPHeaders(input interface{}) bool {
conf, ok := input.(config.TemplateConfig)
if !ok {
return true
}
return conf.Cfg.RealClientFrom == "http-proxy" ||
(conf.Cfg.RealClientFrom == "auto" && !conf.Cfg.UseProxyProtocol &&
(conf.PublishService != nil && conf.PublishService.Spec.Type == apiv1.ServiceTypeLoadBalancer))
}
func trustProxyProtocol(input interface{}) bool {
conf, ok := input.(config.TemplateConfig)
if !ok {
return true
}
return conf.Cfg.RealClientFrom == "tcp-proxy" ||
(conf.Cfg.RealClientFrom == "auto" && !conf.Cfg.UseProxyProtocol)
}