context.caller.request.ip hidden behind proxy

[antonio0]

Background:
#1196
https://community.forestadmin.com/t/access-to-request-headers-in-context/7539

On our deployment, I see this value often being something like "::ffff:10.1.12.32". This seems to be quite obviously an internal IP address from our internal proxies / load balancer.

I did some research in the code and found this comes from Koa framework. From Koa's doc:

request.ip

Request remote address. Supports X-Forwarded-For when app.proxy is true.

Would it be possible to configure or set by default app.proxy=true so we can use the caller.ip as intended?

[Scra3]

Hello,
I'm checking our codebase and by default the client IP should be already forwarded.

handler = new Koa().use(router.routes()).callback();

I checked the koa code source and the X-Forwarded-for should be the default value. https://github.com/koajs/koa/blob/af0547d5f6330466c4e6c4c5034cea3f4cba6a74/lib/application.js#L55

Could you try on your side to monkey patch our code source to force the X-Forwarded-for option please:

handler = new Koa({ proxyIpHeader: 'X-Forwarded-for' }).use(router.routes()).callback();

Let me know if the issue is fixed with that. In this case, we will work on a patch to allow our customer to custom this Koa options. 🙏

[antonio0]

Hi @Scra3

I haven't tried patching but I looked at Koa's source code (https://github.com/koajs/koa/blob/af0547d5f6330466c4e6c4c5034cea3f4cba6a74/lib/request.js) and I don't think it would work. We are using the .ip() getter below, which depends on the .ips() getter. If app.proxy is false, .ips() returns an empty array which in turn makes .ip() return this.socket.remoteAddress.

  get ips () {
    const proxy = this.app.proxy
    const val = this.get(this.app.proxyIpHeader)
    let ips = proxy && val
      ? splitCommaSeparatedValues(val)
      : []
    if (this.app.maxIpsCount > 0) {
      ips = ips.slice(-this.app.maxIpsCount)
    }
    return ips
  },

  get ip () {
    if (!this[IP]) {
      this[IP] = this.ips[0] || this.socket.remoteAddress || ''
    }
    return this[IP]
  },

[Scra3]

Yes, you're right, this.app.proxy is set to false by default. :/

Setting handler = new Koa({ proxyIpHeader: 'X-Forwarded-For', proxy: true }) should likely resolve the issue.

I'll create a ticket to address this.

That said, I have an alternative for you—you can mount your Koa instance using the mountOnKoa method. It accepts a koa instance, allowing you to configure it with any options you need. :)

[antonio0]

That said, I have an alternative for you—you can mount your Koa instance using the mountOnKoa method. It accepts a koa instance, allowing you to configure it with any options you need. :)

As a workaround, mountOnKoa did the job.

[Scra3]

Well, Happy to read your comment.