Adding a setting to configure the source ip header if a proxy sets it…

… as a different value to x-real-ip while keeping it as the default value
thinkst · Oct 30, 2023 · 43620aa · 43620aa
1 parent 69bc760
commit 43620aa
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/canarytokens/settings.py b/canarytokens/settings.py
@@ -23,6 +23,8 @@ class SwitchboardSettings(BaseSettings):
     REDIS_PORT: Port = Port(6379)
     REDIS_DB: str = "0"
 
+    REAL_IP_HEADER: str = "x-real-ip"
+
     WG_PRIVATE_KEY_SEED: str
     WG_PRIVATE_KEY_N: str = "1000"
 

diff --git a/canarytokens/tokens.py b/canarytokens/tokens.py
@@ -14,6 +14,8 @@
 from twisted.web.http import Request
 from twisted.web.util import redirectTo
 
+from canarytokens.settings import SwitchboardSettings
+
 from canarytokens import canarydrop, queries
 from canarytokens.constants import (
     CANARYTOKEN_ALPHABET,
@@ -67,6 +69,7 @@
 
 g_template_dir: Optional[str]
 
+switchboard_settings = SwitchboardSettings()
 
 def set_template_env(template_dir):
     global g_template_dir
@@ -261,7 +264,7 @@ def _log4_shell(matches: Match[AnyStr]) -> dict[str, dict[str, str]]:
     def _grab_http_general_info(request: Request):
         """"""
         useragent = request.getHeader("User-Agent") or "(no user-agent specified)"
-        src_ip = request.getHeader("x-real-ip") or request.client.host
+        src_ip = request.getHeader(switchboard_settings.REAL_IP_HEADER) or request.client.host
         # DESIGN/TODO: this makes a call to third party ensure we happy with fails here
         #              and have default.
         is_tor_relay = queries.is_tor_relay(src_ip)

diff --git a/switchboard/switchboard.env.dist b/switchboard/switchboard.env.dist
@@ -12,6 +12,7 @@ CANARY_SWITCHBOARD_SCHEME=http
 #CANARY_REDIS_HOST=
 #CANARY_REDIS_PORT=
 #CANARY_REDIS_DB=
+#CANARY_REAL_IP_HEADER=
 
 CANARY_WG_PRIVATE_KEY_SEED=vk/GD+frlhve/hDTTSUvqpQ/WsQtioKAri0Rt5mg7dw=
 #CANARY_WG_PRIVATE_KEY_N=