On Thu, Jan 14, 2021, at 02:45, Maxim Dounin wrote:
>
> Another question is how often it is used properly. Given it
> requires update of two headers, at least one of them being very
> rare, I would assume the answer is "almost never". But again, it
> has nothing to do with $proxy_add_x_for
Hello!
On Wed, Jan 13, 2021 at 11:39:13PM +0900, nanaya wrote:
> On Wed, Jan 13, 2021, at 22:53, Maxim Dounin wrote:
> > It's not "dangerous config", it's incorrect usage of
> > X-Forwarded-For which might be dengerous. In the most simply
> > configuration with a single server the X-Forwarded-
On Wed, Jan 13, 2021, at 22:53, Maxim Dounin wrote:
> It's not "dangerous config", it's incorrect usage of
> X-Forwarded-For which might be dengerous. In the most simply
> configuration with a single server the X-Forwarded-For header
> comes directly from the client, without anything added by n
Hello!
On Wed, Jan 13, 2021 at 06:50:47AM +0900, nanaya wrote:
> On Wed, Jan 13, 2021, at 02:46, Maxim Dounin wrote:
> > The X-Forwarded-For is expected to contain multiple addresses, with
> > the last one being from the last proxy. It is up to the reader of
> > the header to trust or not part
On Wed, Jan 13, 2021, at 02:46, Maxim Dounin wrote:
> The X-Forwarded-For is expected to contain multiple addresses, with
> the last one being from the last proxy. It is up to the reader of
> the header to trust or not particular values from the header.
>
> For example, in the realip module n
Hello!
On Tue, Jan 12, 2021 at 11:14:50PM +0900, nanaya wrote:
> Should there be warning in documentation on usage of
> $proxy_add_x_forwarded_for for X-Forwarded-For proxy header on edge proxies?
>
> I keep seeing config examples with proxy settings like this:
>
> proxy_set_header X-Forwarded
Should there be warning in documentation on usage of $proxy_add_x_forwarded_for
for X-Forwarded-For proxy header on edge proxies?
I keep seeing config examples with proxy settings like this:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Which doesn't make sense on edge servers as
