The header X-Forwarded-For contains multiple IPs

zerros · December 7, 2022, 8:19pm

Hello,

I'm trying to get de real IP in header X-Forwarded-For. I'm using an external LB from my cloud provider and the LB create these three headers:

X-Forwarded-For
X-Forwarded-Proto
X-Forwarded-Port

Traefik service is running on nodePort, and externalTraffic is set to Local.

When The request is forwarded by traefik to the pod, I can see these headers:

* x-forwarded-for: "<client ip sent my ext LB>, <internal ip of the LB>",
* x-forwarded-host: "domain.org",
* x-forwarded-port: "443",
* x-forwarded-proto: "https",
* x-forwarded-server: "traefik-6zm95",
* x-real-ip: "<internal ip of the LB>"

As we can see, traefik is adding the internal ip of the LB in x-forwarded-for, and create a new header called x-real-ip that contains the bad IP.

How can I configure traefik to not deal at all with these headers as they already have set by the external LB ?

Thanks for your help.

bluepuma77 · December 13, 2022, 9:33pm

There are some community middlewares available to get the real IP, maybe they can help.

Topic		Replies	Views
X-Forwarded-For missing Traefik v2 (latest) kubernetes-ingress	3	7184	July 7, 2022
Getting real client IP (X-FORWARDED-FOR) in k3s multi-server HA setup Traefik v2 (latest) rancher , kubernetes-ingress , tcp	5	2267	March 17, 2024
Wrong IP picked by X-Real-IP from X-Forwarded-For IPs Traefik v2 (latest) kubernetes-ingress	2	280	January 7, 2024
WebSockets, X-Forwarded-For and X-Real-IP spoofing Traefik v2 (latest) kubernetes-ingress	0	1336	July 1, 2021
Is there a way to hack the way Traefik deals with X-Forwarded-For headers? Traefik v1 kubernetes-ingress	4	3723	June 30, 2019

The header X-Forwarded-For contains multiple IPs

Related Topics