diff options
author | Matthew Holt <[email protected]> | 2020-12-10 16:09:30 -0700 |
---|---|---|
committer | Matthew Holt <[email protected]> | 2020-12-10 16:09:30 -0700 |
commit | deedf8abb036bdc096360bd6f06df17a6cff9799 (patch) | |
tree | 19505f3043a3d0764db1b5bcec5f0c4ffe6a820e /modules/caddyhttp/reverseproxy/selectionpolicies.go | |
parent | 63bda6a0dc97e02d32865c31b5e46d2ead86ac7b (diff) | |
download | caddy-deedf8abb036bdc096360bd6f06df17a6cff9799.tar.gz caddy-deedf8abb036bdc096360bd6f06df17a6cff9799.zip |
caddyhttp: Optionally use forwarded IP for remote_ip matcherv2.3.0-rc.1
The remote_ip matcher was reading the X-Forwarded-For header by default, but this behavior was not documented in anything that was released. This is also a less secure default, as it is trivially easy to spoof request headers. Reading IPs from that header should be optional, and it should not be the default.
This is technically a breaking change, but anyone relying on the undocumented behavior was just doing so by coincidence/luck up to this point since it was never in any released documentation. We'll still add a mention in the release notes about this.
Diffstat (limited to 'modules/caddyhttp/reverseproxy/selectionpolicies.go')
0 files changed, 0 insertions, 0 deletions