Trusted proxies

How to configure trusted proxies to control proxied connections

When a request with the header X-Forwarded-For is sent to the router, the router will check if the client is in the list of trusted proxies. If the client is not a trusted proxy, the router will drop the connection, returning an empty reply to the client. If the client is a trusted proxy, the IP address defined in the X-Forwarded-For will be regarded as the client’s IP address.

The list of trusted proxies can be configured by modifying the configuration field services.routing.settings.trustedProxies with the IP addresses of trusted proxies:

$ confcli services.routing.settings.trustedProxies -w
Running wizard for resource 'trustedProxies'
<A list of IP addresses from which the proxy IP address of requests with the X-Forwarded-For header defined are checked. If the IP isn't in this list, the connection is dropped. (default: [])>

Hint: Hitting return will set a value to its default.
Enter '?' to receive the help string

trustedProxies <A list of IP addresses from which the proxy IP address of requests with the X-Forwarded-For header defined are checked. If the IP isn't in this list, the connection is dropped. (default: [])>: [
  trustedProxy (default: ): 1.2.3.4
  Add another 'trustedProxy' element to array 'trustedProxies'? [y/N]: n
]
Generated config:
{
  "trustedProxies": [
    "1.2.3.4"
  ]
}
Merge and apply the config? [y/n]: y

Note that by configuring 0.0.0.0/0 as a trusted proxy, all proxied requests will be trusted.