Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

frpc客户端不能通过X-Forwarded-For获取到 realip #4109

Closed
11 tasks
acmookey opened this issue Mar 27, 2024 · 0 comments · Fixed by #4111
Closed
11 tasks

frpc客户端不能通过X-Forwarded-For获取到 realip #4109

acmookey opened this issue Mar 27, 2024 · 0 comments · Fixed by #4111
Labels

Comments

@acmookey
Copy link

acmookey commented Mar 27, 2024

Bug Description

  • 网络结构
    外网Nginx <=> frps <=> 内网frpc
  • 问题描述
    保持以上网络结构以及配置不变的情况下,在0.55.1和 目前最新版本0.56.0的frpc客户端中,使用 X-Forwarded-For不能获取到客户端IP。tcp报文见 logs部分

frpc Version

0.55.1

frps Version

0.55.1

System Architecture

linux/arm64

Configurations

  • 外网Nginx
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}
server {
  listen 443 ssl http2;
  server_name umami.test.com;

  include tls/_.test.conf;

  location / {
    proxy_pass http://127.0.0.1:9999;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection $connection_upgrade;

    proxy_connect_timeout 3m;
    proxy_send_timeout 3m;
    proxy_read_timeout 3m;

    client_max_body_size 0; # Stream request body to backend

    proxy_buffering off;
    proxy_request_buffering off;
    proxy_redirect off;
  }
}
  • frps.toml
vhostHTTPPort    = 9999
  • frpc.toml
[[proxies]]
name      = "umami"
type      = "http"
localPort = 8092
customDomains = ["umami.test.com"]

Logs

使用tcpdump抓取了frpc客户端所在机器中 8092 端口TCP报文

tcpdump -i lo -n  tcp port 8092 -XXvvvnn -s0

不同版本的frp报文如下:

  • frps: 0.54.0 frpc: 0.54.0
	0x0280:  2d53 6974 653a 2073 616d 652d 7369 7465  -Site:.same-site
	0x0290:  0d0a 582d 466f 7277 6172 6465 642d 466f  ..X-Forwarded-Fo
	0x02a0:  723a 2031 3230 2e32 3330 2e38 302e 3730  r:.120.230.80.70
	0x02b0:  2c20 3132 372e 302e 302e 310d 0a58 2d46  ,.127.0.0.1..X-F
  • frps: 0.55.1 frpc: 0.55.1
	0x0280:  2d53 6974 653a 2073 616d 652d 7369 7465  -Site:.same-site
	0x0290:  0d0a 582d 466f 7277 6172 6465 642d 466f  ..X-Forwarded-Fo
	0x02a0:  723a 2031 3237 2e30 2e30 2e31 0d0a 582d  r:.127.0.0.1..X-
  • frps: 0.56.0 frpc: 0.56.0
	0x0280:  2d53 6974 653a 2073 616d 652d 7369 7465  -Site:.same-site
	0x0290:  0d0a 582d 466f 7277 6172 6465 642d 466f  ..X-Forwarded-Fo
	0x02a0:  723a 2031 3237 2e30 2e30 2e31 0d0a 582d  r:.127.0.0.1..X-

Steps to reproduce

1、将frps以及frpc 从0.54.0版本升级到 0.55.1版本,访问代理服务时通过tcpdump抓取报文发现 X-Forwarded-For相较0.54.0版本缺少了客户端真实ip 120.230.80.70
2、当前最新版本 0.56.0也存在该问题

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants