diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2020-12-10 16:09:30 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-12-10 16:09:30 -0700 |
commit | deedf8abb036bdc096360bd6f06df17a6cff9799 (patch) | |
tree | 19505f3043a3d0764db1b5bcec5f0c4ffe6a820e /modules/caddyhttp/reverseproxy | |
parent | 63bda6a0dc97e02d32865c31b5e46d2ead86ac7b (diff) |
caddyhttp: Optionally use forwarded IP for remote_ip matcher
The remote_ip matcher was reading the X-Forwarded-For header by default, but this behavior was not documented in anything that was released. This is also a less secure default, as it is trivially easy to spoof request headers. Reading IPs from that header should be optional, and it should not be the default.
This is technically a breaking change, but anyone relying on the undocumented behavior was just doing so by coincidence/luck up to this point since it was never in any released documentation. We'll still add a mention in the release notes about this.
Diffstat (limited to 'modules/caddyhttp/reverseproxy')
0 files changed, 0 insertions, 0 deletions