deflax/television
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: deflax:22158acb08f0d97439448791ec7170c544d97166
Branches Tags
deflax:main
...
compare: deflax:4bf5e8f63a2adf253773a8db1e88b85100c797bf
Branches Tags
deflax:main

3 commits
22158acb08 ... 4bf5e8f63a

Author SHA1 Message Date
deflax
4bf5e8f63a Set X-Forwarded-For only for requests from Cloudflare 2025-02-06 20:50:32 +02:00
deflax
f7d13e1cf0 remove forwardfor 2025-02-06 20:46:03 +02:00
deflax
e4d143531a list ipv4 cloudflare ranges 2025-02-06 20:45:43 +02:00
2 changed files with 20 additions and 1 deletions
Show stats Expand all files Collapse all files

15
config/haproxy/cloudflare_ips.lst Normal file
View file

@ -0,0 +1,15 @@
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22

6
config/haproxy/haproxy.cfg
View file

@ -47,6 +47,11 @@ frontend web
http-request set-header X-Url-Scheme https
http-request set-header Host %[ssl_fc_sni]
# Set X-Forwarded-For only for requests from Cloudflare
acl from_cf src -f /usr/local/etc/haproxy/cloudflare_ips.lst
acl cf_ip_hdr req.hdr(CF-Connecting-IP) -m found
http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
# CORS
http-response set-header Access-Control-Allow-Origin "*"
http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
@ -65,7 +70,6 @@ frontend web
use_backend backend_restreamer if is_stream
backend backend_api
option forwardfor
balance leastconn
server api1 api:8080 check inter 5s rise 4 fall 2