From 5db5700936264ed072f97aa6d9270a5f741f5314 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge@smoogespace.com>
Date: Tue, 6 Apr 2021 12:25:44 -0400
Subject: [PATCH] This will allow for X forwarded to be set for hosts which
 need it. [Currently only debuginfod]

---
 playbooks/include/proxies-websites.yml     | 1 +
 roles/httpd/website/templates/website.conf | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index a47c1c693a..12a7b6cea4 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -973,6 +973,7 @@
     site_name: debuginfod.fedoraproject.org
     sslonly: true
     server_aliases: [debuginfod.stg.fedoraproject.org]
+    x_forward: true
     cert_name: "{{wildcard_cert_name}}"
     tags: debuginfod
 
diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf
index d759139128..705fee06ee 100644
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -6,7 +6,11 @@
   ServerAdmin {{ server_admin }}
   TraceEnable Off
 
+{% if x_forward %}
+#  RequestHeader unset X-Forwarded-For
+{% else %}
   RequestHeader unset X-Forwarded-For
+{% endif %}
 
 {% if gzip %}
   SetOutputFilter DEFLATE
@@ -46,7 +50,11 @@
 {% endif %}
   ServerAdmin {{ server_admin }}
 
+{% if x_forward %}
+#  RequestHeader unset X-Forwarded-For
+{% else %}
   RequestHeader unset X-Forwarded-For
+{% endif %}
 
 {% if ansible_distribution == 'Fedora' and use_h2 %}
   Protocols h2 http/1.1