Fix spoofable X-Forwarded-For header for some proxied services (!416) · Merge requests · Arch Linux / infrastructure

Kristian Klausen requested to merge klausenbusk/infrastructure:x-forwarded-for into master Jun 06, 2021

X-Forwarded-For is defined as X-Forwarded-For: , , , and it was set to $proxy_add_x_forwarded_for which is basically http_x_forwarded_for,remote_addr and headers from the client can't be trusted!

Fix #292 (closed)

Already deployed

Edited Jun 06, 2021 by Kristian Klausen

Admin message

Fix spoofable X-Forwarded-For header for some proxied services

Merge request reports