From 2b1023f915ab33bfad598442f7ab51c3c108ba9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 21 Jan 2020 15:27:02 +0100 Subject: [PATCH] net/http/httputil: docs about X-Forwarded-For in ReverseProxy --- src/net/http/httputil/reverseproxy.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/net/http/httputil/reverseproxy.go b/src/net/http/httputil/reverseproxy.go index e8f7df29a1..bdac69ef9a 100644 --- a/src/net/http/httputil/reverseproxy.go +++ b/src/net/http/httputil/reverseproxy.go @@ -24,6 +24,13 @@ import ( // ReverseProxy is an HTTP Handler that takes an incoming request and // sends it to another server, proxying the response back to the // client. +// ReverseProxy automatically sets the client IP as value of the +// X-Forwarded-For header. +// If a X-Forwarded-For header already exists, the client IP is +// appended to existing values. +// To prevent IP spoofing, be sure to delete any pre-existing +// X-Forwarded-For header comming from the client or +// an untrusted proxy. type ReverseProxy struct { // Director must be a function which modifies // the request into a new request to be sent