From 2b1023f915ab33bfad598442f7ab51c3c108ba9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 21 Jan 2020 15:27:02 +0100 Subject: [PATCH 1/2] net/http/httputil: docs about X-Forwarded-For in ReverseProxy --- src/net/http/httputil/reverseproxy.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/net/http/httputil/reverseproxy.go b/src/net/http/httputil/reverseproxy.go index e8f7df29a14d4..bdac69ef9a5f5 100644 --- a/src/net/http/httputil/reverseproxy.go +++ b/src/net/http/httputil/reverseproxy.go @@ -24,6 +24,13 @@ import ( // ReverseProxy is an HTTP Handler that takes an incoming request and // sends it to another server, proxying the response back to the // client. +// ReverseProxy automatically sets the client IP as value of the +// X-Forwarded-For header. +// If a X-Forwarded-For header already exists, the client IP is +// appended to existing values. +// To prevent IP spoofing, be sure to delete any pre-existing +// X-Forwarded-For header comming from the client or +// an untrusted proxy. type ReverseProxy struct { // Director must be a function which modifies // the request into a new request to be sent From fd0bd29a181861ffdb1106b42f59f9489999ccb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 21 Jan 2020 22:46:56 +0100 Subject: [PATCH 2/2] fix review issues --- src/net/http/httputil/reverseproxy.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/net/http/httputil/reverseproxy.go b/src/net/http/httputil/reverseproxy.go index bdac69ef9a5f5..4d6a085f60ae3 100644 --- a/src/net/http/httputil/reverseproxy.go +++ b/src/net/http/httputil/reverseproxy.go @@ -24,12 +24,13 @@ import ( // ReverseProxy is an HTTP Handler that takes an incoming request and // sends it to another server, proxying the response back to the // client. -// ReverseProxy automatically sets the client IP as value of the +// +// ReverseProxy automatically sets the client IP as the value of the // X-Forwarded-For header. -// If a X-Forwarded-For header already exists, the client IP is -// appended to existing values. +// If an X-Forwarded-For header already exists, the client IP is +// appended to the existing values. // To prevent IP spoofing, be sure to delete any pre-existing -// X-Forwarded-For header comming from the client or +// X-Forwarded-For header coming from the client or // an untrusted proxy. type ReverseProxy struct { // Director must be a function which modifies