aboutsummaryrefslogtreecommitdiffstats
path: root/prosodyctl
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-06-03 21:53:20 +0200
committerKim Alvefur <zash@zash.se>2023-06-03 21:53:20 +0200
commit16381e754de9c633c080784286ff2b141299e136 (patch)
tree2a2bf0e4d16d58524f63e58da293420d6890d977 /prosodyctl
parent8c92b32b7aa5b1457663bf39c4891fcc11fce8e5 (diff)
downloadprosody-16381e754de9c633c080784286ff2b141299e136.tar.gz
prosody-16381e754de9c633c080784286ff2b141299e136.zip
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Supporting both methods at the same time may open to spoofing attacks, whereby a client sends a Forwarded header that is not stripped by a reverse proxy, leading Prosody to use that instead of the X-Forwarded-* headers actually sent by the proxy. By only supporting one at a time, it can be configured to match what the proxy uses. Disabled by default since implementations are sparse and X-Forwarded-* are everywhere.
Diffstat (limited to 'prosodyctl')
0 files changed, 0 insertions, 0 deletions