New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filtering multiple proxy server IPs #2055
Comments
Should support CIDR notation (previously suggested for SitesManager in #1775). For example, CloudFlare's IP range is:
|
This ticket will also handle the use case described in #2077 of filtering out private and reserved IP addresses, e.g.,
|
(In [4533]) fixes #1111 - add support for IPv6 addresses (tracking, anonymization, and exclusion) Notes:
|
The filter fails on IPv6 addresses because the IPv6 address in HTTP-X-Forwarded-Host is in square brackets. The filter also fails on domain names because the filter assumes the list only contains IP addresses. (Regression) |
(In [4539]) refs #2055 - add unit tests |
(In [4540]) fixes #2055 |
The current implementation relies on user to configure the set of trusted proxy_host_headers and proxy_client_headers, and takes the last IP in a list.
Where there are multiple proxy server IPs, these IPs should be skipped, if any appear in the header.
Note: this isn't a typical use case, but is a feature that I've seen elsewhere (eg Drupal).
The text was updated successfully, but these errors were encountered: