Configurable filter of trusted proxies to handle x-forwarded-for header

[Hexta]

Title: Configurable list of trusted proxies to handle x-forwarded-for header

Description:
It'd be helpful for improving security to handle x-forwarded-for header from the trusted proxies only if they are specified to filter out forged XFF header from malicious clients.
And add a configuration parameter to specify such trusted proxies. List of CIDR, for example.
In a similar way as set_real_ip_from option in Nginx.

[yanavlasov]

Sounds like a good feature. @mattklein123 @alyssawilk for any other comments

[alyssawilk]

I think rather than have this simply be a filter you'd want an extension to the original_ip_detection plug-in to sanitize the header before we use it for calculating the original IP.

[keremgocen]

if there's a consensus on the proposed solution I'm happy to take a look

[Hexta]

I agree from my side with @alyssawilk.

[yanavlasov]

Yes, looks like it can be an original_ip_detection extension.

[Hexta]

@keremgocen Hey, are you going to implement this?

[keremgocen]

@Hexta I'm still interested, could you point me to a place where I can understand what exactly I should do better? Should I look at the set_real_ip_from implementation in nginx? Or is there another similar filter I can copy the behaviour from? (disc: I'm new to the project)

[Sush-Dew]

@Hexta Could you assign this issue to me? I am a beginner and this issue seems a good first issue to resolve.

[Co9514]

@Hexta Hi, is someone running an issue?
I want to try it.