summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/reverseproxy
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2020-12-10 16:09:30 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2020-12-10 16:09:30 -0700
commitdeedf8abb036bdc096360bd6f06df17a6cff9799 (patch)
tree19505f3043a3d0764db1b5bcec5f0c4ffe6a820e /modules/caddyhttp/reverseproxy
parent63bda6a0dc97e02d32865c31b5e46d2ead86ac7b (diff)
caddyhttp: Optionally use forwarded IP for remote_ip matcher
The remote_ip matcher was reading the X-Forwarded-For header by default, but this behavior was not documented in anything that was released. This is also a less secure default, as it is trivially easy to spoof request headers. Reading IPs from that header should be optional, and it should not be the default. This is technically a breaking change, but anyone relying on the undocumented behavior was just doing so by coincidence/luck up to this point since it was never in any released documentation. We'll still add a mention in the release notes about this.
Diffstat (limited to 'modules/caddyhttp/reverseproxy')
0 files changed, 0 insertions, 0 deletions