Skip to content
Snippets Groups Projects

Fix spoofable X-Forwarded-For header for some proxied services

Merged Fix spoofable X-Forwarded-For header for some proxied services
klausenbusk/infrastructure:x-forwarded-for into master
Merged Kristian Klausen requested to merge klausenbusk/infrastructure:x-forwarded-for into master

X-Forwarded-For is defined as X-Forwarded-For: , , , and it was set to $proxy_add_x_forwarded_for which is basically

http_x_forwarded_for,
remote_addr and headers from the client can't be trusted!

Fix #292 (closed)

Already deployed

Edited by Kristian Klausen

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply