diff --git a/java/google/registry/proxy/handler/ProxyProtocolHandler.java b/java/google/registry/proxy/handler/ProxyProtocolHandler.java index f86760658..2612f14d3 100644 --- a/java/google/registry/proxy/handler/ProxyProtocolHandler.java +++ b/java/google/registry/proxy/handler/ProxyProtocolHandler.java @@ -81,6 +81,15 @@ public class ProxyProtocolHandler extends ByteToMessageDecoder { remoteIP = headerArray[2]; logger.atFine().log( "Header parsed, using %s as remote IP for channel %s", remoteIP, ctx.channel()); + // If the header is "PROXY UNKNOWN" + // (see https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt), likely when the + // remote connection to the external load balancer is through special means, make it + // 0.0.0.0 so that it can be treated accordingly by the relevant quota configs. + } else if (headerArray.length == 2 && headerArray[1].equals("UNKNOWN")) { + logger.atFine().log( + "Header parsed, source IP unknown, using 0.0.0.0 as remote IP for channel %s", + ctx.channel()); + remoteIP = "0.0.0.0"; } else { logger.atFine().log( "Cannot parse the header, using source IP as remote IP for channel %s", diff --git a/javatests/google/registry/proxy/handler/ProxyProtocolHandlerTest.java b/javatests/google/registry/proxy/handler/ProxyProtocolHandlerTest.java index fa7b8f2bd..62c885d1b 100644 --- a/javatests/google/registry/proxy/handler/ProxyProtocolHandlerTest.java +++ b/javatests/google/registry/proxy/handler/ProxyProtocolHandlerTest.java @@ -57,7 +57,7 @@ public class ProxyProtocolHandlerTest { assertThat(channel.writeInbound(Unpooled.wrappedBuffer((header + message).getBytes(UTF_8)))) .isTrue(); assertThat(((ByteBuf) channel.readInbound()).toString(UTF_8)).isEqualTo(message); - assertThat(channel.attr(REMOTE_ADDRESS_KEY).get()).isNull(); + assertThat(channel.attr(REMOTE_ADDRESS_KEY).get()).isEqualTo("0.0.0.0"); assertThat(channel.pipeline().get(ProxyProtocolHandler.class)).isNull(); assertThat(channel.isActive()).isTrue(); }