Hi everyone!
Is there currently a Mechanism to forward the source TCP Port of an HTTP request to, say, an nginx container? let me explain...
a good chunk of the internet these days is behind CGN (Carrier Grade NAT), meaning that the IP traefik sees, is not directly traceable to the actual client. what that means is that if you have an abuse case - maybe someone hacked your outdated wordpress? - to be able to do anything at all, you have to provide the ISP with a) a timestamp b) the (real) source IP and crucially c) the source TCP port of the request, because the way CGN typically works is that it assigns "blocks of ports" to a subscriber, and then uses ports out of that block until it is depleted, and only these blocks are logged, not individual connections.
ie subscriber A's CPE has the WAN IP 100.123.123.123, at 12:00:00 gets assigned ports range 10500-10600, and the offending HTTP request uses port 10527 out of that block - this is logged in the ISPs CGN database.
for the ISP to be able to trace this to an actual customer, they need all 3 pieces of information.
in bare nginx, you can use $remote_port in your logging definition to get the desired effect; but as far as i can see, there is no way to communicate it through X- headers .. so far?
is there something like that? how are other people solving this?