From 22038b5e5ee49e68cbf7437377f0662787340940 Mon Sep 17 00:00:00 2001 From: Brennan Date: Tue, 8 Jul 2025 14:33:58 -0700 Subject: [PATCH 1/2] Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware. --- .../src/ForwardedHeadersMiddleware.cs | 30 +++++++-- .../test/ForwardedHeadersMiddlewareTest.cs | 62 +++++++++++++++++++ 2 files changed, 86 insertions(+), 6 deletions(-) diff --git a/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs b/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs index d00ccfa0a13d..72cae1507a0e 100644 --- a/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs +++ b/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs @@ -21,6 +21,7 @@ public class ForwardedHeadersMiddleware private readonly ForwardedHeadersOptions _options; private readonly RequestDelegate _next; private readonly ILogger _logger; + private readonly bool _ignoreUnknownProxiesWithoutFor; private bool _allowAllHosts; private IList? _allowedHosts; @@ -63,6 +64,18 @@ public ForwardedHeadersMiddleware(RequestDelegate next, ILoggerFactory loggerFac _logger = loggerFactory.CreateLogger(); _next = next; + if (AppContext.TryGetSwitch("Microsoft.AspNetCore.HttpOverrides.IgnoreUnknownProxiesWithoutFor", out var enabled) + && enabled) + { + _ignoreUnknownProxiesWithoutFor = true; + } + + if (Environment.GetEnvironmentVariable("MICROSOFT_ASPNETCORE_HTTPOVERRIDES_IGNORE_UNKNOWN_PROXIES_WITHOUT_FOR") is string env + && (env.Equals("true", StringComparison.OrdinalIgnoreCase) || env.Equals("1"))) + { + _ignoreUnknownProxiesWithoutFor = true; + } + PreProcessHosts(); } @@ -220,15 +233,20 @@ public void ApplyForwarders(HttpContext context) for (; entriesConsumed < sets.Length; entriesConsumed++) { var set = sets[entriesConsumed]; - // For the first instance, allow remoteIp to be null for servers that don't support it natively. - if (currentValues.RemoteIpAndPort != null && checkKnownIps && !CheckKnownAddress(currentValues.RemoteIpAndPort.Address)) + // Opt-out of breaking change behavior where we now always check KnownProxies and KnownNetworks + // It used to be guarded by the ForwardedHeaders.XForwardedFor flag, but now we always check it. + if (!_ignoreUnknownProxiesWithoutFor || checkFor) { - // Stop at the first unknown remote IP, but still apply changes processed so far. - if (_logger.IsEnabled(LogLevel.Debug)) + // For the first instance, allow remoteIp to be null for servers that don't support it natively. + if (currentValues.RemoteIpAndPort != null && checkKnownIps && !CheckKnownAddress(currentValues.RemoteIpAndPort.Address)) { - _logger.LogDebug(1, "Unknown proxy: {RemoteIpAndPort}", currentValues.RemoteIpAndPort); + // Stop at the first unknown remote IP, but still apply changes processed so far. + if (_logger.IsEnabled(LogLevel.Warning)) + { + _logger.LogWarning(1, "Unknown proxy: {RemoteIpAndPort}", currentValues.RemoteIpAndPort); + } + break; } - break; } if (checkFor) diff --git a/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs b/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs index 4fd1341acc45..98cbb3d13796 100644 --- a/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs +++ b/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs @@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.TestHost; +using Microsoft.DotNet.RemoteExecutor; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; @@ -1035,6 +1036,67 @@ public async Task IgnoreXForwardedHeadersFromUnknownProxy(ForwardedHeaders forwa } } + [Theory] + [InlineData(ForwardedHeaders.XForwardedFor)] + [InlineData(ForwardedHeaders.XForwardedHost)] + [InlineData(ForwardedHeaders.XForwardedProto)] + [InlineData(ForwardedHeaders.XForwardedPrefix)] + public void AppContextDoesNotValidateUnknownProxyWithoutForwardedFor(ForwardedHeaders forwardedHeaders) + { + RemoteExecutor.Invoke(static async (forwardedHeadersName) => + { + Assert.True(Enum.TryParse(forwardedHeadersName, out var forwardedHeaders)); + AppContext.SetSwitch("Microsoft.AspNetCore.HttpOverrides.IgnoreUnknownProxiesWithoutFor", true); + using var host = new HostBuilder() + .ConfigureWebHost(webHostBuilder => + { + webHostBuilder + .UseTestServer() + .Configure(app => + { + var options = new ForwardedHeadersOptions + { + ForwardedHeaders = forwardedHeaders + }; + app.UseForwardedHeaders(options); + }); + }).Build(); + + await host.StartAsync(); + + var server = host.GetTestServer(); + + var context = await server.SendAsync(c => + { + c.Request.Headers["X-Forwarded-For"] = "11.111.111.11"; + c.Request.Headers["X-Forwarded-Host"] = "testhost"; + c.Request.Headers["X-Forwarded-Proto"] = "Protocol"; + c.Request.Headers["X-Forwarded-Prefix"] = "/pathbase"; + c.Connection.RemoteIpAddress = IPAddress.Parse("10.0.0.1"); + c.Connection.RemotePort = 99; + }); + + if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedFor)) + { + // X-Forwarded-For ignored since 10.0.0.1 isn't in KnownProxies + Assert.Equal("10.0.0.1", context.Connection.RemoteIpAddress.ToString()); + } + if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedHost)) + { + Assert.Equal("testhost", context.Request.Host.ToString()); + } + if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedProto)) + { + Assert.Equal("Protocol", context.Request.Scheme); + } + if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedPrefix)) + { + Assert.Equal("/pathbase", context.Request.PathBase); + } + return RemoteExecutor.SuccessExitCode; + }, forwardedHeaders.ToString()).Dispose(); + } + [Fact] public async Task PartiallyEnabledForwardsPartiallyChangesRequest() { From 0b8374e3742d37ba6469aab0eb1c1c00b555a6bd Mon Sep 17 00:00:00 2001 From: Brennan Date: Fri, 11 Jul 2025 14:26:12 -0700 Subject: [PATCH 2/2] env --- .../test/ForwardedHeadersMiddlewareTest.cs | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs b/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs index 98cbb3d13796..627ad96a3cd6 100644 --- a/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs +++ b/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs @@ -1097,6 +1097,67 @@ public void AppContextDoesNotValidateUnknownProxyWithoutForwardedFor(ForwardedHe }, forwardedHeaders.ToString()).Dispose(); } + [Theory] + [InlineData(ForwardedHeaders.XForwardedFor)] + [InlineData(ForwardedHeaders.XForwardedHost)] + [InlineData(ForwardedHeaders.XForwardedProto)] + [InlineData(ForwardedHeaders.XForwardedPrefix)] + public void EnvVariableDoesNotValidateUnknownProxyWithoutForwardedFor(ForwardedHeaders forwardedHeaders) + { + RemoteExecutor.Invoke(static async (forwardedHeadersName) => + { + Assert.True(Enum.TryParse(forwardedHeadersName, out var forwardedHeaders)); + Environment.SetEnvironmentVariable("MICROSOFT_ASPNETCORE_HTTPOVERRIDES_IGNORE_UNKNOWN_PROXIES_WITHOUT_FOR", "true"); + using var host = new HostBuilder() + .ConfigureWebHost(webHostBuilder => + { + webHostBuilder + .UseTestServer() + .Configure(app => + { + var options = new ForwardedHeadersOptions + { + ForwardedHeaders = forwardedHeaders + }; + app.UseForwardedHeaders(options); + }); + }).Build(); + + await host.StartAsync(); + + var server = host.GetTestServer(); + + var context = await server.SendAsync(c => + { + c.Request.Headers["X-Forwarded-For"] = "11.111.111.11"; + c.Request.Headers["X-Forwarded-Host"] = "testhost"; + c.Request.Headers["X-Forwarded-Proto"] = "Protocol"; + c.Request.Headers["X-Forwarded-Prefix"] = "/pathbase"; + c.Connection.RemoteIpAddress = IPAddress.Parse("10.0.0.1"); + c.Connection.RemotePort = 99; + }); + + if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedFor)) + { + // X-Forwarded-For ignored since 10.0.0.1 isn't in KnownProxies + Assert.Equal("10.0.0.1", context.Connection.RemoteIpAddress.ToString()); + } + if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedHost)) + { + Assert.Equal("testhost", context.Request.Host.ToString()); + } + if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedProto)) + { + Assert.Equal("Protocol", context.Request.Scheme); + } + if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedPrefix)) + { + Assert.Equal("/pathbase", context.Request.PathBase); + } + return RemoteExecutor.SuccessExitCode; + }, forwardedHeaders.ToString()).Dispose(); + } + [Fact] public async Task PartiallyEnabledForwardsPartiallyChangesRequest() {