No way to specify Unix domain clients as trusted using --forwarded-allow-ips

[bemoody]

When running uvicorn as a Unix-domain server using --uds, I want to report the correct remote address and protocol to the ASGI application.

That means that I want to honor the X-Forwarded-Proto header, and I want to honor the final entry in the X-Forwarded-For header, but I don't want to honor other entries in X-Forwarded-For unless they come from a trusted proxy.

From what I can tell, this is impossible: the only way to tell uvicorn to trust proxy headers from a Unix-domain client is to specify --forwarded-allow-ips *, which means "trust everyone in the world".

(For example, consider the recommended configuration at https://uvicorn.dev/deployment/#running-behind-nginx , which uses proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for. Without --forwarded-allow-ips, this header has no effect. With --forwarded-allow-ips *, any client is allowed to spoof any IP address.)

It would be nice to be able to say something like --forwarded-allow-ips 192.168.123.45,unix:. To make that work, I think the following change would be sufficient:

--- a/uvicorn/middleware/proxy_headers.py
+++ b/uvicorn/middleware/proxy_headers.py
@@ -29,7 +29,7 @@ class ProxyHeadersMiddleware:
             return await self.app(scope, receive, send)
 
         client_addr = scope.get("client")
-        client_host = client_addr[0] if client_addr else None
+        client_host = client_addr[0] if client_addr else "unix:"
 
         if client_host in self.trusted_hosts:
             headers = dict(scope["headers"])

But this could probably be more robust.

I also note that https://uvicorn.dev/deployment/#proxies-and-forwarded-headers says:

Uvicorn can be configured to trust IP Addresses (e.g. 127.0.0.1), IP Networks (e.g. 10.100.0.0/16), or Literals (e.g. /path/to/socket.sock).

I think this comment is misleading; using a server socket path as a "Literal" doesn't work.