Revert forwarded-for fixes

2025-09-10 05:54:16 +08:00 · 2025-09-07 14:25:32 +02:00 · 2025-09-07 14:25:32 +02:00 · f64a098fae
commit f64a098fae
parent d5de5d0e79
2 changed files with 393 additions and 367 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/crates/http/src/request.rs
+++ b/crates/http/src/request.rs
@ -666,7 +666,6 @@ impl ParseHttp for Server {
 async fn handle_session<T: SessionStream>(inner: Arc<Inner>, session: SessionData<T>) {
    let _in_flight = session.in_flight;
    let is_tls = session.stream.is_tls();
-    let mut remote_ip = session.remote_ip;

    if let Err(http_err) = http1::Builder::new()
        .keep_alive(true)
@ -680,12 +679,14 @@ async fn handle_session<T: SessionStream>(inner: Arc<Inner>, session: SessionDat
                    let server = inner.build_server();

                    // Obtain remote IP
-                    if !server.core.jmap.http_use_forwarded {
+                    let remote_ip = if !server.core.jmap.http_use_forwarded {
                        trc::event!(
                            Http(trc::HttpEvent::RequestUrl),
                            SpanId = session.session_id,
                            Url = req.uri().to_string(),
                        );
+
+                        session.remote_ip
                    } else if let Some(forwarded_for) = req
                        .headers()
                        .get(header::FORWARDED)
@ -746,13 +747,14 @@ async fn handle_session<T: SessionStream>(inner: Arc<Inner>, session: SessionDat
                            Url = req.uri().to_string(),
                        );

-                        remote_ip = forwarded_for;
+                        forwarded_for
                    } else {
                        trc::event!(
                            Http(trc::HttpEvent::XForwardedMissing),
                            SpanId = session.session_id,
                        );
-                    }
+                        session.remote_ip
+                    };

                    // Parse HTTP request
                    let response = match Box::pin(server.parse_http_request(
@ -812,12 +814,16 @@ async fn handle_session<T: SessionStream>(inner: Arc<Inner>, session: SessionDat
        .await
    {
        if http_err.is_parse() {
-            match inner.build_server().is_scanner_fail2banned(remote_ip).await {
+            match inner
+                .build_server()
+                .is_scanner_fail2banned(session.remote_ip)
+                .await
+            {
                Ok(true) => {
                    trc::event!(
                        Security(SecurityEvent::ScanBan),
                        SpanId = session.session_id,
-                        RemoteIp = remote_ip,
+                        RemoteIp = session.remote_ip,
                        Reason = http_err.to_string(),
                    );
                    return;