feat: support reading real client IP from a custom header (#1138)

* feat: support reading real client IP from a custom header * pr reviews --------- Co-authored-by: violet <violet@tsukuyomi>
2025-09-25 04:01:24 -04:00 · 2025-09-25 04:01:24 -04:00 · 1cf03535a5
commit 1cf03535a5
parent c3ed405dbc
5 changed files with 22 additions and 0 deletions
--- a/cmd/anubis/main.go
+++ b/cmd/anubis/main.go
@ -83,6 +83,7 @@ var (
 	versionFlag              = flag.Bool("version", false, "print Anubis version")
 	publicUrl                = flag.String("public-url", "", "the externally accessible URL for this Anubis instance, used for constructing redirect URLs (e.g., for forwardAuth).")
 	xffStripPrivate          = flag.Bool("xff-strip-private", true, "if set, strip private addresses from X-Forwarded-For")
+	customRealIPHeader      = flag.String("custom-real-ip-header", "", "if set, read remote IP from header of this name (in case your environment doesn't set X-Real-IP header)")

 	thothInsecure        = flag.Bool("thoth-insecure", false, "if set, connect to Thoth over plain HTTP/2, don't enable this unless support told you to")
 	thothURL             = flag.String("thoth-url", "", "if set, URL for Thoth, the IP reputation database for Anubis")
@ -460,6 +461,7 @@ func main() {

 	var h http.Handler
 	h = s
+	h = internal.CustomRealIPHeader(*customRealIPHeader, h)
 	h = internal.RemoteXRealIP(*useRemoteAddress, *bindNetwork, h)
 	h = internal.XForwardedForToXRealIP(h)
 	h = internal.XForwardedForUpdate(*xffStripPrivate, h)