You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
Having support for the Forwarded header would be really useful. The issue with relying on X-Forwarded-For is that those can be forged easily. The Forwarded header supports adding a secret key so that downstream sources can validate that the header actually coming from your proxy.
If there was a way to restrict the existing X-Forwarded-* headers so they only applied to certain IP ranges that would be great. If we could have a built-in option to dynamically load IP ranges from CloudFlare upon start (with a refresh once a week) that would be a really fantastic solution.
Description:
Having support for the Forwarded header would be really useful. The issue with relying on X-Forwarded-For is that those can be forged easily. The
Forwarded
header supports adding a secret key so that downstream sources can validate that the header actually coming from your proxy.If there was a way to restrict the existing X-Forwarded-* headers so they only applied to certain IP ranges that would be great. If we could have a built-in option to dynamically load IP ranges from CloudFlare upon start (with a refresh once a week) that would be a really fantastic solution.
[optional Relevant Links:]
https://datatracker.ietf.org/doc/html/rfc7239
https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/
https://www.cloudflare.com/ips/
The text was updated successfully, but these errors were encountered: