-
Notifications
You must be signed in to change notification settings - Fork 16
/
proxy-addr.node.txt
31 lines (24 loc) · 2.49 KB
/
proxy-addr.node.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
PROXY-ADDR
VERSION ==> #2.0.7
GOAL ==> #Parse X-Forwarded-For [C], to retrieve all (or the closest) trusted 'ADDR'
#Uses FORWARDED (see its doc) for low-level X-Forwarded-For parsing
#Used by EXPRESS
PROXY-ADDR.all #Returns all trusted 'ADDR' + first untrusted, in proxy chain:
(REQ, FUNC('ADDR', NUM)->BOOL)# - proxy chain: X-Forwarded-For [C] + REQ remoteAddress
->'ADDR'_ARR # - trusted:
# - means reverse proxies under our control (HTTP header cannot be forged)
# - BOOL: true if trusted
# - NUM: number of proxies between origin + 1
# - first one is closest to server
#FUNC can be also be: 'ADDR2'[_ARR] where 'ADDR2' can be:
# - IP
# - CIDR
# - netmask
# - 'loopback' (like '127.0.0.1/8')
# - 'linklocal' (like '169.254.0.1/16')
# - 'uniquelocal' (like '192.168.0.1/16', '10.0.0.0/8' or '172.16.0.0/12')
PROXY-ADDR(...)->'ADDR' #Same as all() but returns furthest to origin only (i.e. first untrusted)
PROXY-ADDR.compile
('ADDR2'[_ARR])->FUNC #Transforms 'ADDR2'[_ARR] into FUNC that can be used with PROXYADDR[.all]()