fix: strip port from X-Forwarded-For header to get real IP

2026-05-09 20:38:50 +02:00
parent bbdf82441e
commit 543480b34f
2 changed files with 12 additions and 1 deletions
@@ -221,7 +221,13 @@ function makeBodyAndType(req, clientIp, defaultLook) {
  const xHeaders = collectXHeaders(req);
  const { proxyHeadersBlock, proxyHeadersHtml } = proxyMarkup(xHeaders);

-  const xff = (req.headers["x-forwarded-for"] || "").split(",")[0].trim();
+  let xff = (req.headers["x-forwarded-for"] || "").split(",")[0].trim();
+  // strip port: [::1]:port -> ::1, 1.2.3.4:port -> 1.2.3.4
+  if (xff.startsWith("[")) {
+    xff = xff.slice(1, xff.includes("]") ? xff.indexOf("]") : xff.length);
+  } else if ((xff.match(/:/g) || []).length === 1) {
+    xff = xff.split(":")[0];
+  }
  let ipText, ipHtml;
  if (xff) {
    ipText = `${xff} (forwarded by proxy ${clientIp})`;
@@ -238,6 +238,11 @@ class OkHandler(BaseHTTPRequestHandler):
        xff = self.headers.get("X-Forwarded-For", "")
        if xff:
            real_ip = xff.split(",")[0].strip()
+            # strip port: [::1]:port -> ::1, 1.2.3.4:port -> 1.2.3.4
+            if real_ip.startswith("["):
+                real_ip = real_ip[1:real_ip.index("]")] if "]" in real_ip else real_ip[1:]
+            elif real_ip.count(":") == 1:
+                real_ip = real_ip.split(":")[0]
            ip_text = f"{real_ip} (forwarded by proxy {client_ip})"
            ip_html = (
                f"<strong>{escape(real_ip)}</strong>"