From 517fbff776e5c20a0d6344b5d0ddfb09258f82fc Mon Sep 17 00:00:00 2001 From: Danny Coates Date: Tue, 5 Apr 2016 20:41:38 -0700 Subject: [PATCH] fix(clientAddress): allow location of the client ip address in forward headers to be specified in config --- config/index.js | 6 ++++++ lib/server.js | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/config/index.js b/config/index.js index 45375fee..18d03960 100644 --- a/config/index.js +++ b/config/index.js @@ -354,6 +354,12 @@ var conf = convict({ format: String, env: 'CORS_ORIGIN', default: '*' + }, + clientAddressDepth: { + doc: 'location of the client ip address in the remote address chain', + format: Number, + env: 'CLIENT_ADDRESS_DEPTH', + default: 3 } }) diff --git a/lib/server.js b/lib/server.js index 0da541bd..54bb538f 100644 --- a/lib/server.js +++ b/lib/server.js @@ -194,9 +194,10 @@ function create(log, error, config, routes, db) { // Construct source-ip-address chain for logging. var xff = (request.headers['x-forwarded-for'] || '').split(/\s*,\s*/) xff.push(request.info.remoteAddress) + var clientAddressIndex = xff.length - (config.clientAddressDepth || 1) // Remove empty items from the list, in case of badly-formed header. request.app.remoteAddressChain = xff.filter(function(x){ return x }) - request.app.clientAddress = request.app.remoteAddressChain[0] + request.app.clientAddress = request.app.remoteAddressChain[clientAddressIndex] request.app.acceptLanguage = trimLocale(request.headers['accept-language']) if (request.headers.authorization) {