PijusV

Reputation: 63

Using app.set to set trust proxy

When setting the application variable trust proxy, does the second argument in app.set mean that the server trusts all the requests FROM 127.0.0.1 or TO 127.0.0.1?

For example:

app.set('trust proxy', 'loopback');

// or
app.set('trust proxy', '127.0.0.1');

and then

var sess = {
    proxy: true, // express-session: trust X-Forwarded-Proto when setting secure cookies
    cookie: {
        httpOnly: true,
        secure: true
    }
}

According to the documentation, several types of value are allowed as the second argument:

Boolean

If true, the client’s IP address is understood as the left-most entry in the X-Forwarded-* header.

If false, the app is understood as directly facing the Internet and the client’s IP address is derived from req.connection.remoteAddress. This is the default setting.

IP addresses

An IP address, subnet, or an array of IP addresses and subnets to trust. The following list shows the pre-configured subnet names

Upvotes: 1

Views: 5633

Answers (1)

Andrew Myers

Reputation: 2786

I believe this would be for inbound requests (i.e., from 127.0.0.1).

The documentation you linked to is talking about running an Express app behind a proxy. When the requests hit the proxy, the proxy routes the requests to the app, and the app sees the proxy's IP address instead of the original client's IP address.

Setting trust proxy fixes that problem by ignoring the proxy's IP address (in one way or another), as the documentation explains.

Upvotes: 7
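Added example, not part of the question or answer above and not Express's own code: a simplified model of how the client address is resolved when only loopback is trusted, assuming the `loopback` preset covers 127.0.0.1/8 and ::1/128 as the Express documentation lists. The function names and sample addresses are constructed for illustration.

```javascript
// Simplified model of client-IP resolution under 'trust proxy'.
// Hypothetical helper names; this is not Express or proxy-addr source code.

// Assumption: 'loopback' means 127.0.0.1/8 and ::1/128.
function isLoopback(addr) {
  const a = addr.replace(/^::ffff:/i, ''); // unwrap IPv4-mapped IPv6
  return a === '::1' || /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(a);
}

// remoteAddress: peer address of the TCP connection (who connected to the app).
// xff: raw X-Forwarded-For header value, or undefined.
// trusted: predicate deciding whether an address is a trusted proxy.
function resolveClientIp(remoteAddress, xff, trusted) {
  const forwarded = (xff || '').split(',').map(s => s.trim()).filter(Boolean);
  // Nearest hop first: the socket peer, then the header read right to left.
  const chain = [remoteAddress, ...forwarded.reverse()];
  for (const addr of chain) {
    if (!trusted(addr)) return addr; // first untrusted hop is treated as the client
  }
  return chain[chain.length - 1]; // every hop trusted: use the furthest address
}

// Constructed sample requests using documentation address ranges.
const samples = [
  // Local reverse proxy forwarding a real client: header is honoured.
  { peer: '127.0.0.1', xff: '203.0.113.7' },
  // Direct connection from the Internet with a forged header: header is ignored.
  { peer: '198.51.100.9', xff: '10.0.0.1' },
  // Client prepends a forged entry; the proxy appends the address it really saw.
  { peer: '127.0.0.1', xff: '192.0.2.55, 203.0.113.7' },
];

function demo() {
  return samples.map(s => resolveClientIp(s.peer, s.xff, isLoopback));
}

console.log(demo()); // [ '203.0.113.7', '198.51.100.9', '203.0.113.7' ]
```

The trust check applies to the address a connection arrives from, so `X-Forwarded-For` is only consulted when the peer itself is on the trusted list.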
