From bc643dd32f145bebfe94068e9cd18fea0ae2b0fc Mon Sep 17 00:00:00 2001
From: Alexey Anokhin <exile.developer@gmail.com>
Date: Fri, 15 Dec 2023 12:09:02 +0300
Subject: [PATCH] #6953 Fixed retrieving of the originating client IP when
 using proxy servers

---
 .../ApplicationBuilderExtensions.cs           | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/Presentation/Nop.Web.Framework/Infrastructure/Extensions/ApplicationBuilderExtensions.cs b/src/Presentation/Nop.Web.Framework/Infrastructure/Extensions/ApplicationBuilderExtensions.cs
index b0c53baee60..65912c8a2af 100644
--- a/src/Presentation/Nop.Web.Framework/Infrastructure/Extensions/ApplicationBuilderExtensions.cs
+++ b/src/Presentation/Nop.Web.Framework/Infrastructure/Extensions/ApplicationBuilderExtensions.cs
@@ -478,26 +478,30 @@ public static void UseNopEndpoints(this IApplicationBuilder application)
         public static void UseNopProxy(this IApplicationBuilder application)
         {
             var appSettings = EngineContext.Current.Resolve<AppSettings>();
+            var hostingConfig = appSettings.Get<HostingConfig>();
 
-            if (appSettings.Get<HostingConfig>().UseProxy)
+            if (hostingConfig.UseProxy)
             {
                 var options = new ForwardedHeadersOptions
                 {
-                    ForwardedHeaders = ForwardedHeaders.All,
+                    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
                     // IIS already serves as a reverse proxy and will add X-Forwarded headers to all requests,
                     // so we need to increase this limit, otherwise, passed forwarding headers will be ignored.
                     ForwardLimit = 2
                 };
 
-                if (!string.IsNullOrEmpty(appSettings.Get<HostingConfig>().ForwardedForHeaderName))
-                    options.ForwardedForHeaderName = appSettings.Get<HostingConfig>().ForwardedForHeaderName;
+                if (!string.IsNullOrEmpty(hostingConfig.ForwardedForHeaderName))
+                    options.ForwardedForHeaderName = hostingConfig.ForwardedForHeaderName;
 
-                if (!string.IsNullOrEmpty(appSettings.Get<HostingConfig>().ForwardedProtoHeaderName))
-                    options.ForwardedProtoHeaderName = appSettings.Get<HostingConfig>().ForwardedProtoHeaderName;
+                if (!string.IsNullOrEmpty(hostingConfig.ForwardedProtoHeaderName))
+                    options.ForwardedProtoHeaderName = hostingConfig.ForwardedProtoHeaderName;
 
-                if (!string.IsNullOrEmpty(appSettings.Get<HostingConfig>().KnownProxies))
+                options.KnownNetworks.Clear();
+                options.KnownProxies.Clear();
+
+                if (!string.IsNullOrEmpty(hostingConfig.KnownProxies))
                 {
-                    foreach (var strIp in appSettings.Get<HostingConfig>().KnownProxies.Split(',', StringSplitOptions.RemoveEmptyEntries).ToList())
+                    foreach (var strIp in hostingConfig.KnownProxies.Split(',', StringSplitOptions.RemoveEmptyEntries).ToList())
                     {
                         if (IPAddress.TryParse(strIp, out var ip))
                             options.KnownProxies.Add(ip);