My logs show either the forwarder or 127.0.0.1.
This is version 6.5.2, with jupyterhub.
I put debug statements in _apply_xheaders
- trusted_downstream isn't being passed through to that point. i.e. it's empty or undefined.
- netutil.is_valid_ip rejects [2620:0:d60:ac1a::10]
There's always ambiguity in the specs whether IP addresses should have [] around them. Fortigate uses it: AWs documtation says they do https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html. Wikipedia says some implementations use [] and some don't: https://en.wikipedia.org/wiki/X-Forwarded-For
Here's what I got from a Fortigate acting as a load balancer:
X-Forwarded-For: [2620:0:d60:ac1a::10]
My logs show either the forwarder or 127.0.0.1.
This is version 6.5.2, with jupyterhub.
I put debug statements in _apply_xheaders
There's always ambiguity in the specs whether IP addresses should have [] around them. Fortigate uses it: AWs documtation says they do https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html. Wikipedia says some implementations use [] and some don't: https://en.wikipedia.org/wiki/X-Forwarded-For
Here's what I got from a Fortigate acting as a load balancer:
X-Forwarded-For: [2620:0:d60:ac1a::10]