caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183)

2025-10-19 15:53:17 +00:00 · 2024-03-21 12:54:25 -04:00 · 2024-03-21 12:54:25 -04:00 · 63d597c09d
commit 63d597c09d
parent e65b97f55b
2 changed files with 34 additions and 7 deletions
--- a/modules/caddyhttp/server_test.go
+++ b/modules/caddyhttp/server_test.go
@ -188,6 +188,15 @@ func TestServer_TrustedRealClientIP_OneTrustedHeaderValidArray(t *testing.T) {
 	assert.Equal(t, ip, "1.1.1.1")
 }

+func TestServer_TrustedRealClientIP_IncludesPort(t *testing.T) {
+	req := httptest.NewRequest("GET", "/", nil)
+	req.RemoteAddr = "192.0.2.1:12345"
+	req.Header.Set("X-Forwarded-For", "1.1.1.1:1234")
+	ip := trustedRealClientIP(req, []string{"X-Forwarded-For"}, "192.0.2.1")
+
+	assert.Equal(t, ip, "1.1.1.1")
+}
+
 func TestServer_TrustedRealClientIP_SkipsInvalidIps(t *testing.T) {
 	req := httptest.NewRequest("GET", "/", nil)
 	req.RemoteAddr = "192.0.2.1:12345"