Document REAL_IP_HEADER and REAL_IP_FROM
Fix a security vulnerability whereby we were not clearing other headersmaster
parent
6bba0cecfc
commit
394c2fe22c
@ -1,7 +1,12 @@
|
||||
# Default proxy setup
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header True-Client-IP $remote_addr;
|
||||
proxy_set_header Forwarded "";
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
{% if REAL_IP_HEADER and REAL_IP_FROM %}
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
{% else %}
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
{% endif %}
|
||||
proxy_http_version 1.1;
|
||||
|
Loading…
Reference in New Issue