Teleport rejects traffic as X-Forwarded-For conttains multiple IPs

danielallin · March 14, 2024, 4:34am

Hi there,

I am having two issues with running Teleport behind Traefik Proxy (https://goteleport.com/). We are proxying traffic through Cloudflare and therefore the X-Forwarded-For header contains multiple ip addresses once it hits the Teleport server. Teleport rejects this as a security measure and expects only one IP address in this Header. Is there a way to do this? My traefik.yml file contains the following for the entrypoints:

proxyProtocol:
  trustedIPs:
    - "cloudflare_ips"
forwardedHeaders:
  trustedIPs:
    - "cloudflare_ips"

In Teleport i have to set X-Forwarded-For to true however when doing this i get the error and cant use teleport but when disabled its using the cloudflare ips (not the actual client ip).

Any help is greatly appreciated, thanks.

bluepuma77 · March 14, 2024, 5:34pm

It’s common practice to chain IPs in the header when multiple proxys are used on the way, even Wikipedia says so.

I would open a ticket with Teleport, tell them to please follow the Internet standard.

Topic		Replies	Views
How can I get X-Forwarded-For working? It's currently only containing a single ip when there should be more Traefik v2 (latest) docker-swarm	1	1885	June 15, 2022
Traefik v2 X-Forwarded-For append multiple ip addresses Traefik Mesh	4	1697	December 24, 2021
Traefik v2 X-Forwarded-For append multiple ip addresses - moved from wrong section Traefik v2 (latest) docker , consul-catalog	3	1643	January 14, 2021
Is this a Docker or a Traefik bug \| X-Forwarded-For and X-Real-Ip not correctly transmitted? Traefik v1 docker	14	9237	May 16, 2023
Redirect cloud.domain.com to other host Traefik v2 (latest) docker , file , tcp	5	492	February 25, 2020

Teleport rejects traffic as X-Forwarded-For conttains multiple IPs

Related Topics