Merged
Conversation
Putting the client IP first in the list of client identifiers to check for boot configuration has the problem that the client is usually FeDHCP. If it uses an IP address of a management server for which a boot configuration exists only that boot configuration will be served for every single boot request. Adjust the logic to ignore the clients IP address to rely exclusively on the X-Forwarded-For header to resolving the boot configuration. Resolves: #290
maxmoehl
requested review from
afritzler and
hardikdr
and removed request for
afritzler
Contributor
WalkthroughThe HTTP boot handler's client IP extraction logic was modified to exclusively rely on the Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
server/bootserver.go (1)
378-399:⚠️ Potential issue | 🟠 MajorUse only the originating XFF client entry for matching.
At Line 389, iterating all
X-Forwarded-Forentries can still match an intermediate proxy/management IP and return the wrong boot config. This should match only the original client value (or a trusted-hop strategy), not every hop.Proposed fix
- if xff := r.Header.Get("X-Forwarded-For"); xff != "" { - for _, ip := range strings.Split(xff, ",") { - trimmedIP := strings.TrimSpace(ip) - if trimmedIP != "" { - clientIPs = append(clientIPs, trimmedIP) - } - } + if xff := strings.TrimSpace(r.Header.Get("X-Forwarded-For")); xff != "" { + // XFF format: client, proxy1, proxy2... + // Match only the originating client IP. + if first := strings.TrimSpace(strings.SplitN(xff, ",", 2)[0]); first != "" { + clientIPs = append(clientIPs, first) + } log.Info("X-Forwarded-For Header Found in the Request", "method", r.Method, "path", r.URL.Path, "clientIPs", clientIPs) }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@server/bootserver.go` around lines 378 - 399, The code currently splits X-Forwarded-For into clientIPs and iterates every hop when listing HTTPBootConfig causing possible matches on intermediate proxies; change the XFF handling in bootserver.go so you extract only the originating client IP (the first non-empty left-most trimmed entry from X-Forwarded-For) and use that single IP for the k8sClient.List call (and for logging) instead of iterating clientIPs; if you need a trusted-hop strategy, replace the single-IP selection with that logic but ensure only one IP is used for MatchingFields lookup in the loop that calls k8sClient.List and for the "Found/Failed to list HTTPBootConfig" logs.
🧹 Nitpick comments (1)
server/bootserver_test.go (1)
27-48: Add a direct regression test for XFF-based matching behavior.This case (Line 44) validates the no-header default path, but it does not prove the fix path:
RemoteAddrignored andX-Forwarded-Forclient used. Please add a test with a non-matchingRemoteAddrplus matching XFF value (ideally multi-hop XFF) to lock in the intended behavior.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@server/bootserver_test.go` around lines 27 - 48, Add a new test It(...) alongside the existing "delivers default httpboot..." case that sends an HTTP request to testServerURL+"/httpboot" with a non-matching RemoteAddr scenario but with an X-Forwarded-For header whose first (client) IP matches an existing HTTPBootConfig; use a multi-hop XFF value (e.g. "clientIP, proxy1, proxy2") and perform the request via http.NewRequest + client.Do, then decode into httpBootResponse and assert the returned UKIURL equals the expected matching config URL (not defaultUKIURL), that ClientIPs contains the parsed XFF entries, and that SystemUUID is set when the matching HTTPBootConfig provides one; reference httpBootResponse, testServerURL, defaultUKIURL and the HTTPBootConfig matching behavior when implementing.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Outside diff comments:
In `@server/bootserver.go`:
- Around line 378-399: The code currently splits X-Forwarded-For into clientIPs
and iterates every hop when listing HTTPBootConfig causing possible matches on
intermediate proxies; change the XFF handling in bootserver.go so you extract
only the originating client IP (the first non-empty left-most trimmed entry from
X-Forwarded-For) and use that single IP for the k8sClient.List call (and for
logging) instead of iterating clientIPs; if you need a trusted-hop strategy,
replace the single-IP selection with that logic but ensure only one IP is used
for MatchingFields lookup in the loop that calls k8sClient.List and for the
"Found/Failed to list HTTPBootConfig" logs.
---
Nitpick comments:
In `@server/bootserver_test.go`:
- Around line 27-48: Add a new test It(...) alongside the existing "delivers
default httpboot..." case that sends an HTTP request to
testServerURL+"/httpboot" with a non-matching RemoteAddr scenario but with an
X-Forwarded-For header whose first (client) IP matches an existing
HTTPBootConfig; use a multi-hop XFF value (e.g. "clientIP, proxy1, proxy2") and
perform the request via http.NewRequest + client.Do, then decode into
httpBootResponse and assert the returned UKIURL equals the expected matching
config URL (not defaultUKIURL), that ClientIPs contains the parsed XFF entries,
and that SystemUUID is set when the matching HTTPBootConfig provides one;
reference httpBootResponse, testServerURL, defaultUKIURL and the HTTPBootConfig
matching behavior when implementing.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 1826cd84-dec7-42c0-a246-8c214914cbc9
📒 Files selected for processing (2)
server/bootserver.goserver/bootserver_test.go
damyan
approved these changes
Mar 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Putting the client IP first in the list of client identifiers to check for boot configuration has the problem that the client is usually FeDHCP. If it uses an IP address of a management server for which a boot configuration exists only that boot configuration will be served for every single boot request.
Adjust the logic to ignore the clients IP address to rely exclusively on the X-Forwarded-For header to resolving the boot configuration.
Resolves: #290
Summary by CodeRabbit