Anonymize direct IPv6 connections as well

pimterry · pimterry · commit ff470e0028e6 · 2025-12-19T16:46:57.000+01:00
diff --git a/Caddyfile b/Caddyfile
@@ -17,6 +17,9 @@
 
         # Anonymize ip addresses when forwarding:
         header_up X-Forwarded-For "\.\d{0,3}(,\s*|$)" ".0$1"
+        # Same for IPv6:
+        header_up X-Forwarded-For "(?i)^([0-9a-f]{1,4}(?::[0-9a-f]{1,4}){1,3}).*" "$1::"
+        # Drop envoy extra address header entirely:
         header_up -X-Envoy-External-Address
     }
 }
@@ -43,6 +46,9 @@
 
             # Anonymize ip addresses when forwarding:
             header_up X-Forwarded-For "\.\d{0,3}(,\s*|$)" ".0$1"
+            # Same for IPv6:
+            header_up X-Forwarded-For "(?i)^([0-9a-f]{1,4}(?::[0-9a-f]{1,4}){1,3}).*" "$1::"
+            # Drop envoy extra address header entirely:
             header_up -X-Envoy-External-Address
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,9 @@`
`17`	`17`
`18`	`18`	`# Anonymize ip addresses when forwarding:`
`19`	`19`	`header_up X-Forwarded-For "\.\d{0,3}(,\s*\|$)" ".0$1"`
	`20`	`+ # Same for IPv6:`
	`21`	`+ header_up X-Forwarded-For "(?i)^([0-9a-f]{1,4}(?::[0-9a-f]{1,4}){1,3}).*" "$1::"`
	`22`	`+ # Drop envoy extra address header entirely:`
`20`	`23`	`header_up -X-Envoy-External-Address`
`21`	`24`	`}`
`22`	`25`	`}`
`@@ -43,6 +46,9 @@`
`43`	`46`
`44`	`47`	`# Anonymize ip addresses when forwarding:`
`45`	`48`	`header_up X-Forwarded-For "\.\d{0,3}(,\s*\|$)" ".0$1"`
	`49`	`+ # Same for IPv6:`
	`50`	`+ header_up X-Forwarded-For "(?i)^([0-9a-f]{1,4}(?::[0-9a-f]{1,4}){1,3}).*" "$1::"`
	`51`	`+ # Drop envoy extra address header entirely:`
`46`	`52`	`header_up -X-Envoy-External-Address`
`47`	`53`	`}`
`48`	`54`	`}`