View Issue Details

IDProjectCategoryView StatusLast Update
0006275unrealircdpublic2023-06-13 20:26
Reporteradamus1red Assigned Tosyzop  
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version6.1.0 
Fixed in Version6.1.1-rc1 
Summary0006275: Add support for x-forward-for & forwarded headers in webserver module
DescriptionThe X-Forwarded-For header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy.

It is commonly used by CDN and reverse-proxying. This would allow using a normal webserver for proxying websocket connections rather than having to dedicate http/https ports for a single IRCd websocket.
TagsNo tags attached.
3rd party modules



2023-05-19 19:55

administrator   ~0022864

Last edited: 2023-05-19 19:55

k4be added support for the "Forwarded" header in the websocket module in Aug 2021. It's not well documented and I don't think there are many people using it so I can't vouch on how well it works, maybe k4be uses it himself on his net ?
It does not implement "X-Forwarded-For" or "Forwarded-for" headers though, so that would be a TODO item. Of course, if the other feature is working then this one should be easy (?) to implement.


2023-05-19 19:59

administrator   ~0022865

Last edited: 2023-05-19 20:00

Oh you say "Forwarded" in your bug title, yeah that should work. You must specify the IP of the proxy in listen::options::websocket::forward.
Here is an example (untested, see previous comments):

listen {
    ip *;
    port 8000;
    options {
        websocket {
                type text;
                forward ""; // IP of the proxy
    tls-options {
        certificate "/etc/letsencrypt/live/";
        key "/etc/letsencrypt/live/";
        options {


2023-05-19 23:12

reporter   ~0022867

I've tried using the forward option. It doesn't seem to be working as expected.
After attempting to put the websocket behind a forwarding proxy I still get reported as the source IP when a client connects via the websocket.
image.png (35,293 bytes)


2023-05-26 14:30

administrator   ~0022885

I did a couple of commits in latest git. Feel free to test it out. I verified that it works with the "Forwarded" header and have documented an example NGINX setup (although obviously you don't need to use NGINX).
Documentation is at including that example.

For more information on using latest git, see

Issue History

Date Modified Username Field Change
2023-05-19 19:44 adamus1red New Issue
2023-05-19 19:55 syzop Note Added: 0022864
2023-05-19 19:55 syzop Note Edited: 0022864
2023-05-19 19:59 syzop Note Added: 0022865
2023-05-19 20:00 syzop Note Edited: 0022865
2023-05-19 23:12 adamus1red Note Added: 0022867
2023-05-19 23:12 adamus1red File Added: image.png
2023-05-26 14:30 syzop Note Added: 0022885
2023-05-27 17:32 syzop Assigned To => syzop
2023-05-27 17:32 syzop Status new => feedback
2023-06-13 20:26 syzop Status feedback => resolved
2023-06-13 20:26 syzop Resolution open => fixed
2023-06-13 20:26 syzop Fixed in Version => 6.1.1-rc1