Semisol 👨‍💻 on Nostr: is your strfry relay crashing? probably because of this exploit: ...

is your strfry relay crashing? probably because of this exploit:

quoting nevent1q…fuu7

## Why this is happening

This happens due to an invalid real IP header.

You are most likely using `X-Forwarded-For` as the real IP header. Strfry expects the real IP header to contain just an IP, but [the `X-Forwarded-For` header is *a list of IPs*](https://en.wikipedia.org/wiki/X-Forwarded-For), with every proxy adding the IP of where it got the request from.

If a client specifies an X-Forwarded-For header, like `X-Forwarded-For: 1.1.1.1`, your proxy will add the remote IP, like this: `X-Forwarded-For: 1.1.1.1, 127.0.0.1`
When you use `$proxy_add_x_forwarded_for` in Nginx, this is what it is doing: *appending* the remote IP to the header.

Strfry tries parsing `1.1.1.1, 127.0.0.1` as an IP address, fails, and throws an exception.

## How to fix it

If you are using Caddy, just switch to `X-Real-IP`.

If you are using Nginx, you can add a real IP header like so, and switch to using it:
`proxy_set_header X-Real-IP $remote_addr;`

You can also disable the real IP header, but this will cause problems if you use a write filter script or look at the logs.