• I don’t see an option to allow specific proxies when using “$_SERVER keys to retrieve extra IP addresses”.
    It’s best to do that at the server side; however, I think it should be included in the settings if allowing the option to use IPs from the request headers.

    For example, a website proxied through Cloudflare should only allow setting the real IP from the “X-Forwarded-For” header for requests originating from Cloudflare’s IP addresses; otherwise the IP can be easily spoofed.

  • The topic ‘Allowed proxy addresses for X-Forwarded-For’ is closed to new replies.
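
The check requested in the post above, as an added example that is not the plugin's code or part of the original thread: X-Forwarded-For is honoured only when `REMOTE_ADDR` falls inside an allowlist of proxy ranges. The function names are hypothetical, and the ranges are constructed documentation ranges standing in for a real proxy provider's published list.

```php
<?php
// Added example: hypothetical function names, constructed documentation ranges.
/** True if $ip is inside $cidr (IPv4 or IPv6). */
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // invalid address or IPv4/IPv6 mismatch
    }
    $max  = strlen($ipBin) * 8;
    $bits = $parts[1] ?? (string) $max;
    if (!ctype_digit($bits) || (int) $bits > $max) {
        return false; // a malformed prefix must never widen the allowlist
    }
    $full = intdiv((int) $bits, 8);
    $rem  = (int) $bits % 8;
    $mask = (0xFF << (8 - $rem)) & 0xFF; // high $rem bits of the partial byte
    return substr($ipBin, 0, $full) === substr($netBin, 0, $full)
        && ($rem === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask));
}

function is_trusted_proxy(string $ip, array $trusted): bool
{
    foreach ($trusted as $cidr) {
        if (ip_in_cidr($ip, $cidr)) { return true; }
    }
    return false;
}

/** Honour X-Forwarded-For only when the connecting peer is an allowed proxy. */
function resolve_client_ip(array $server, array $trusted): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !is_trusted_proxy($peer, $trusted)) {
        return $peer; // header ignored: a direct client could have forged it
    }
    // Rightmost entries were appended by proxies; skip hops that are trusted.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (!filter_var($hop, FILTER_VALIDATE_IP)) { return $peer; }
        if (!is_trusted_proxy($hop, $trusted)) { return $hop; }
    }
    return $peer;
}

$trusted = ['192.0.2.0/24', '2001:db8::/32']; // constructed allowlist
echo resolve_client_ip(['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'], $trusted), "\n";
echo resolve_client_ip(['REMOTE_ADDR' => '198.51.100.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'], $trusted), "\n";
```

The first call comes from an allowed proxy, so the forwarded address is used; the second comes from an address outside the allowlist, so the header is ignored and `REMOTE_ADDR` is returned.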