sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-28 13:16:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add reverse proxy header security and forwarding

Browse Source 
- Rewrite Host header to backend target (configurable via pass_host_header per mapping)
- Strip and set X-Forwarded-For/X-Real-IP from direct connection (trust boundary)
- Set X-Forwarded-Host and X-Forwarded-Proto headers
- Strip nb_session cookie and session_token query param before forwarding
- Add --forwarded-proto flag (auto/http/https) for proto detection
- Fix OIDC redirect hardcoded https scheme
- Add pass_host_header to proto, API, and management model
This commit is contained in:
Viktor Liu
2026-02-08 14:16:52 +08:00
parent 0a3a9f977d
commit 07e59b2708
13 changed files with 700 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
shared/management/proto/proxy_service.proto
View File

@@ -64,6 +64,9 @@ message ProxyMapping {
repeated PathMapping path = 5;
string auth_token = 6;
Authentication auth = 7;
// When true, the original Host header from the client request is passed
// through to the backend instead of being rewritten to the backend's address.
bool pass_host_header = 8;
}
// SendAccessLogRequest consists of one or more AccessLogs from a Proxy.