Skip to content

Commit 84bfaf8

Browse files
benbzbenbz
committed
Log the X-Forwarded-For header and stop logging the Referer header in HAProxy.
1 parent d63711c commit 84bfaf8

File tree

5 files changed

+12
-10
lines changed

5 files changed

+12
-10
lines changed

.github/element-docs-words.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,8 @@ dockerhub
88
Gematik
99
GHSA
1010
homeserver
11-
homeservers
1211
Homeserver
12+
homeservers
1313
Jetstack
1414
kubeconform
1515
kubernetes
@@ -22,6 +22,7 @@ postgres
2222
PostgreSQL
2323
pytest
2424
Pytest
25+
Referer
2526
SCIM
2627
shellcheck
2728
templatable

charts/matrix-stack/configs/haproxy/haproxy.cfg.tpl

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -88,9 +88,9 @@ frontend http-blackhole
8888
# same as http log, with %Th (handshake time)
8989
log-format "%ci:%cp [%tr] %ft %b/%s %Th/%TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
9090

91-
capture request header Host len 32
92-
capture request header Referer len 200
93-
capture request header User-Agent len 200
91+
http-request capture hdr(host) len 32
92+
http-request capture req.fhdr(x-forwarded-for) len 64
93+
http-request capture req.fhdr(user-agent) len 200
9494

9595
http-request deny content-type application/json string '{"errcode": "M_FORBIDDEN", "error": "Blocked"}'
9696

charts/matrix-stack/configs/synapse/partial-haproxy.cfg.tpl

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -35,9 +35,9 @@ frontend synapse-http-in
3535
# same as http log, with %Th (handshake time)
3636
log-format "%ci:%cp [%tr] %ft %b/%s %Th/%TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
3737

38-
capture request header Host len 32
39-
capture request header Referer len 200
40-
capture request header User-Agent len 200
38+
http-request capture hdr(host) len 32
39+
http-request capture req.fhdr(x-forwarded-for) len 64
40+
http-request capture req.fhdr(user-agent) len 200
4141

4242
# before we change the 'src', stash it in a session variable
4343
http-request set-var(sess.orig_src) src if !{ var(sess.orig_src) -m found }

charts/matrix-stack/configs/well-known/partial-haproxy.cfg.tpl

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,9 +13,9 @@ frontend well-known-in
1313
# same as http log, with %Th (handshake time)
1414
log-format "%ci:%cp [%tr] %ft %b/%s %Th/%TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
1515

16-
capture request header Host len 32
17-
capture request header Referer len 200
18-
capture request header User-Agent len 200
16+
http-request capture hdr(host) len 32
17+
http-request capture req.fhdr(x-forwarded-for) len 64
18+
http-request capture req.fhdr(user-agent) len 200
1919

2020
acl is_delete_put_post_method method DELETE POST PUT
2121
http-request deny status 405 if is_delete_put_post_method

newsfragments/788.changed.1.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Log the X-Forwarded-For header and stop logging the Referer header in HAProxy.

0 commit comments

Comments
 (0)