From 0af1fd4635f559b36fb9ca5867840b9a39ec860b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Wenzel?=
Date: Mon, 4 May 2020 18:41:23 +0200
Subject: [PATCH] Fix #241 by removing x-forwarded-for header from request to aws

---
 server/server.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/server/server.go b/server/server.go
index 4ad8f201..38a97f64 100644
--- a/server/server.go
+++ b/server/server.go
@@ -9,6 +9,7 @@ import (
 "net/http"
 "net/http/httputil"
 "net/url"
+ "regexp"
 "strconv"
 "strings"
 "time"
@@ -42,6 +43,8 @@ const (
 healthcheckInterval = 30 * time.Second
 )

+var tokenRouteRegexp = regexp.MustCompile("^/?[^/]+/api/token$")
+
 // Keeps track of the names of registered handlers for metric value/label initialization
 var registeredHandlerNames []string

@@ -358,6 +361,12 @@ func (s *Server) roleHandler(logger *log.Entry, w http.ResponseWriter, r *http.R
 }

 func (s *Server) reverseProxyHandler(logger *log.Entry, w http.ResponseWriter, r *http.Request) {
+ // Remove remoteaddr to prevent issues with new IMDSv2 to fail when x-forwarded-for header is present
+ // for more details please see: https://github.com/aws/aws-sdk-ruby/issues/2177 https://github.com/uswitch/kiam/issues/359
+ if r.Method == http.MethodPut && tokenRouteRegexp.MatchString(r.URL.Path) {
+ r.RemoteAddr = ""
+ }
+
 proxy := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "http", Host: s.MetadataAddress})
 proxy.ServeHTTP(w, r)
 logger.WithField("metadata.url", s.MetadataAddress).Debug("Proxy ec2 metadata request")
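Review bot: `tokenRouteRegexp`, added in the second hunk, has no comment saying which route it is meant to match or why any first path segment is accepted. A line such as `// tokenRouteRegexp matches the IMDSv2 session-token route, <version>/api/token.` would help, and a raw string literal is the usual form for a pattern. In the third hunk the pattern is applied to `r.URL.Path` as the handler receives it, so variants such as a trailing or doubled slash appear to fall through to the default proxy behaviour; that is the safe direction here, but it is worth stating in the comment.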
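Review bot: The guard added at the top of reverseProxyHandler blanks `r.RemoteAddr` on the inbound request, which works only as a side effect: httputil.ReverseProxy skips adding X-Forwarded-For when it cannot parse the client address, and the comment does not say so. IMDSv2 refuses token PUTs that carry X-Forwarded-For as a defence against relayed requests, so the change deliberately hides the proxy for those requests. The comment should record that trade-off, and that a header already sent by the client is still forwarded, e.g. `// Blank RemoteAddr so ReverseProxy adds no X-Forwarded-For, which IMDSv2 rejects on token PUTs; a client-sent header is left in place.` Because the field is cleared before `proxy.ServeHTTP`, anything later that reads `r.RemoteAddr` for logging or metrics loses the caller's address for exactly the token requests one would want to attribute, so log it first or clear it on a clone of the request. Whether the callers or paths reaching this handler are restricted elsewhere is not visible here, and the function's closing lines are outside the hunk.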