[pve-devel] [PATCH http-server 1/1] fix #5699: pveproxy: add library methods for real IP support

[Fabian Grünbichler]

> Thomas Lamprecht <t.lamprecht at proxmox.com> hat am 25.11.2024 12:17 CET geschrieben:
> 
>  
> Am 25.11.24 um 10:05 schrieb Fabian Grünbichler:
> > yeah, we could switch to the new format *only* if the header option is set?
> > as else, the two IPs are identical anyway, so logging the same one twice
> > while breaking the format provides no benefit?
> >
> > and then maybe with 9.0 switch the format unconditionally, so that
> > parsers/fail2ban configs only need to handle one of them going forward..
> 
> Sounds fine to me. Albeit for some this still might break, if they already
> use a reverse proxy now – but these people at least could not have any
> (working) fail2ban, as they just would have banned the IP of their reverse
> proxy, so it should be fine I think.

it would still require enabling the new feature on the pveproxy side (that's what I meant with "header option", not that the default header is set on the HTTP request), so it's completely opt-in?

> btw., and sorry if I just missed this on reading, how do others log this?
> I.e., is there any somewhat common format and does this patch already
> adheres to that format?

that would indeed be nice to know! :)