Rest-server behind reverse proxy log real client IP X-Forwarded-For

Hello!

I use rest-server behind reverse proxy [haproxy] for SSL termination and filter unwanted traffic.

As I see, rest-server logs “127.0.0.1” as client IP - it receives requests from local haproxy.
I configured haproxy to send X-Forwarded-For header to the rest-server.

But, it seems, rest-server ignores X-Forwarded-For header.

Could you help me, should it work or it’s a Feature Request?

Sincerely,
Ilya

I have the same problem and I tracked it to rest-server off loading the logging to “gorilla/handlers”

This is solved in “gorilla/handler” by adding the “proxy_header” middleware BEFORE the logging middleware in order to rewrite the request.

If you are happy to build the code, you can see if the following patch helps.
(disclaimer - it works for me)

diff --git mux.go mux.go
index 77fcdb4..294708e 100644
--- mux.go
+++ mux.go
@@ -21,6 +21,10 @@ func (s *Server) debugHandler(next http.Handler) http.Handler {
        })
 }

+func (s *Server) proxyHandler(next http.Handler) http.Handler {
+   return handlers.ProxyHeaders(next)
+}
+
 func (s *Server) logHandler(next http.Handler) http.Handler {
    var accessLog io.Writer

@@ -104,6 +108,9 @@ func NewHandler(server *Server) (http.Handler, error) {
    if server.Debug {
        handler = server.debugHandler(handler)
    }
+
+   handler = server.proxyHandler(handler)
+
    if server.Log != "" {
        handler = server.logHandler(handler)
    }

Just for fun, I’ve added a feature request saying this

Thanks!

It’ll be better to move this issue to https://github.com/restic/rest-server repo instead of restic client.

damn your eyes!

New feature request in the right place this time.