I'm using traefik 1.7 as my kubernetes ingress controller, and found several specific issues detailed below. I'm wondering whether upgrading to traefik 2 will solve these issues, or maybe whether they can be solved under 1.7.
With every incoming HTTP request, traefik automatically adds the client IP address to the HTTP headers
X-Real-IP. When the incoming request already have these headers, traefik appends the new client IP to
X-Forwarded-For, but keeps
X-Real-IPunchanged. This allows clients to spoof
When the request is a WebSocket request, traefik does not add
These two issues combined means I have no reliable way of retrieving the real client IP address for WebSocket requests. I can't use
X-Forwarded-For because it's not there, and I can't use
X-Real-IP because it can be trivially spoofed by the client.
Ultimately, I just need to get client IP addresses for incoming WebSocket requests. Can traefik do that, either with 1.x or 2.x?