RFC-7239 "Forwarded" header not properly supported

[Waschnick]

Current issue

• The value of the Forwarded header is actually a complex object and not a simple IP, cf. RFC-7239
• Example: for=123.34.567.89,for=192.0.2.43;by=[APIGW_IP];host=apiid.execute-api.us-east-1.amazonaws.com;proto=https
• Example 2: for=94.134.90.17;host=public-api.example.org;proto=https (from our app logs)

Proposed solution

• Write a function getClientIpFromForwarded similar to getClientIpFromXForwardedFor

Use Case

We are using AWS API Gateway with a private ALB (load balancer) and need the IP to use for getting the geo location. AWS API Gateway uses the Forwarded header for the client ip (see example 2). (And the ALB will set X-Forwarded-For with the private class-c IP from the ALB, but that's another issue)

I would also be open to contribute a PR with tests and the required changes. WDYT?

Sources

• https://tools.ietf.org/html/rfc7239
• https://medium.com/@lancers/amazon-api-gateway-explaining-http-proxy-in-http-api-3ea0afe6b03c#:~:text=Forwarded%20header,de%2Dfacto%2Dstandard

[pbojinov]

@Waschnick thank you for posting this and for the detailed example.

I'd be open to accept a PR with tests for this as long as it's backwards compatible with the main function / we can expose a new public function getClientIpFromXForwardedFor

[martindeamorin]

HI @pbojinov, @Waschnick! I created a PR to fix this issue, it would be cool if you could review it! You can fin it here: #71