Skip to content

fix(traefik): handle comma-separated ClientHost in JSON logs#1665

Merged
LaurenceJJones merged 3 commits intocrowdsecurity:masterfrom
LaurenceJJones:fix/traefik-clienthost-list
Jan 29, 2026
Merged

fix(traefik): handle comma-separated ClientHost in JSON logs#1665
LaurenceJJones merged 3 commits intocrowdsecurity:masterfrom
LaurenceJJones:fix/traefik-clienthost-list

Conversation

@LaurenceJJones
Copy link
Copy Markdown
Contributor

@LaurenceJJones LaurenceJJones commented Jan 29, 2026
edited
Loading

Fixes #1589

Description

If the connecting user is using a proxy like zscaler Traefik automatically appends the connecting IP as a CSV list of IP's since we dont trust the IP since its not our proxy, there nothing more we can do other than grab the last IP as that is the one that traefik saw. EG: <x_forwarded_for_header>,<traefik_saw_this_one>

note remediation components such as traefik might have a hard time knowing which IP to block but this is out of scope for hub

Checklist

  • I have read the contributing guide
  • I have tested my changes locally
  • For new parsers or scenarios, tests have been added
  • I have run the hub linter and no issues were reported (see contributing guide)
  • Automated tests are passing
  • AI was used to generate any/all content of this PR

LaurenceJJones and others added 3 commits January 29, 2026 15:47
@LaurenceJJones @claude
fix(traefik): handle comma-separated ClientHost in JSON logs
19c017a 
Fixes crowdsecurity#1589

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@LaurenceJJones @claude
fix(traefik): use last IP from ClientHost list
5f87664 
Use the last IP (the one that actually connected) rather than the first
(which could be spoofed by an untrusted proxy).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@LaurenceJJones @claude
test(traefik): add test for comma-separated ClientHost
9d1ed52 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@LaurenceJJones LaurenceJJones merged commit 10459f9 into crowdsecurity:master Jan 29, 2026
3 checks passed
@LaurenceJJones LaurenceJJones deleted the fix/traefik-clienthost-list branch January 29, 2026 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Traefik JSON parser fails when there is more than one IP in ClientHost

1 participant

@LaurenceJJones