X-forwarded-for sends Kong IP address to upstream in v1.5.1, but not in v2.5.0

We are trying to upgrade from 1.5.1 to 2.5.0. An issue we have experienced is that the two clusters running different versions send a different x-forwarded-for header to the upstream with the same relevant configuration.

trusted_ips = 0.0.0.0/0,::/0
real_ip_header = X-Kong-Forwarded-For (this field is set by the load balancer - it is the client IP)
real_ip_recursive = off

In the cluster with version 1.5.1, x-forwarded-for is set to Kong’s IP address when it comes to the upstream. In the cluster with version 2.5.0, x-forwarded-for is set to to the client IP address. We do not use any plugins that change this header, and have not found anything in the release notes that explains why this behaves differently.

Based upon what we have read, these settings should make x-forwarded-for be set to to the client IP address, which is the behavior we get in the cluster with 2.5.0. Are there any other settings in kong.conf that can explain why x-forwarded-for is set to Kong’s IP address in the cluster running 1.5.1? It doesn’t seem like Kong is supposed to have the behavior that it has in our cluster, according to Kong did not add itself to x-forward-for header · Issue #3605 · Kong/kong · GitHub .

We also want x-forwarded-for to be set to Kong’s IP address when hitting the upstream in 2.5.0.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ