Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware (#62690)

* Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware

* config

---------

Co-authored-by: William Godbe <wigodbe@microsoft.com>

Author: BrennanConroy

eng/PatchConfig.props

@@ -39,6 +39,7 @@ Later on, this will be checked using this condition:
   </PropertyGroup>
   <PropertyGroup Condition=" '$(VersionPrefix)' == '2.3.5' ">
     <PackagesInPatch>
+      Microsoft.AspNetCore.HttpOverrides;
     </PackagesInPatch>
   </PropertyGroup>
 </Project>

src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs

@@ -24,6 +24,7 @@ public class ForwardedHeadersMiddleware
         private readonly ForwardedHeadersOptions _options;
         private readonly RequestDelegate _next;
         private readonly ILogger _logger;
+        private readonly bool _ignoreUnknownProxiesWithoutFor;
         private bool _allowAllHosts;
         private IList<StringSegment> _allowedHosts;
 
@@ -90,6 +91,18 @@ public ForwardedHeadersMiddleware(RequestDelegate next, ILoggerFactory loggerFac
             _logger = loggerFactory.CreateLogger<ForwardedHeadersMiddleware>();
             _next = next;
 
+            if (AppContext.TryGetSwitch("Microsoft.AspNetCore.HttpOverrides.IgnoreUnknownProxiesWithoutFor", out var enabled)
+            && enabled)
+        {
+            _ignoreUnknownProxiesWithoutFor = true;
+        }
+
+        if (Environment.GetEnvironmentVariable("MICROSOFT_ASPNETCORE_HTTPOVERRIDES_IGNORE_UNKNOWN_PROXIES_WITHOUT_FOR") is string env
+            && (env.Equals("true", StringComparison.OrdinalIgnoreCase) || env.Equals("1")))
+        {
+            _ignoreUnknownProxiesWithoutFor = true;
+        }
+
             PreProcessHosts();
         }
 
@@ -228,12 +241,17 @@ public void ApplyForwarders(HttpContext context)
             {
                 var set = sets[entriesConsumed];
 
-                // For the first instance, allow remoteIp to be null for servers that don't support it natively.
-                if (currentValues.RemoteIpAndPort != null && checkKnownIps && !CheckKnownAddress(currentValues.RemoteIpAndPort.Address))
+                // Opt-out of breaking change behavior where we now always check KnownProxies and KnownNetworks
+                // It used to be guarded by the ForwardedHeaders.XForwardedFor flag, but now we always check it.
+                if (!_ignoreUnknownProxiesWithoutFor || checkFor)
                 {
-                    // Stop at the first unknown remote IP, but still apply changes processed so far.
-                    _logger.LogDebug(1, $"Unknown proxy: {currentValues.RemoteIpAndPort}");
-                    break;
+                    // For the first instance, allow remoteIp to be null for servers that don't support it natively.
+                    if (currentValues.RemoteIpAndPort != null && checkKnownIps && !CheckKnownAddress(currentValues.RemoteIpAndPort.Address))
+                    {
+                        // Stop at the first unknown remote IP, but still apply changes processed so far.
+                        _logger.LogWarning(1, $"Unknown proxy: {currentValues.RemoteIpAndPort}");
+                        break;
+                    }
                 }
 
                 if (checkFor)