This patch series adds support for setting a HTTP header for passing through a client IP address for logging purposes. Two settings are introduced for /etc/default/pveproxy:
PROXY_REAL_IP_HEADER: defines a HTTP header to extract a client IP address from in the request. If the IP address is invalid, it is ignored. Otherwise, it is logged in addition to the sending peer IP address. TRUSTED_PROXY_IPS: defines a list of IP addresses or ranges that are allowed to set the header defined in PROXY_REAL_IP_HEADER. If this setting is not set, any requests with the PROXY_REAL_IP_HEADER set will have the extracted IP address logged. pve-docs: Thomas Skinner (1): fix #5699: pveproxy: add docs for real IP support pveproxy.adoc | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) pve-http-server: Thomas Skinner (1): fix #5699: pveproxy: add library methods for real IP support src/PVE/APIServer/AnyEvent.pm | 43 ++++++++++++++++++++++++++++++++--- src/PVE/APIServer/Utils.pm | 15 ++++++++++++ 2 files changed, 55 insertions(+), 3 deletions(-) pve-manager: Thomas Skinner (1): fix #5699: pveproxy: add settings for real IP support PVE/Service/pveproxy.pm | 2 ++ 1 file changed, 2 insertions(+) -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
