There is a 3rd option which IMO is slightly less terrible but probably still an ops wart.
* Add a config option that is the list of trusted IPs (i.e. proxy servers) and only use the X-Forwarded-For header if the actual peer address is in that list. There is no sane default that will work for ops, so if we go this way we'll need to call it out in the release notes / OSSA.
Yes, this moves the trust issue to the proxy server/load balancer; squid[1] and f5 have trivial ways to do that.
[1] http://www.squid-cache.org/Doc/config/forwarded_for/
[2] https://devcentral.f5.com/questions/prevent-x-forwarded-for-spoofing
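
A sketch of the trusted-proxy check proposed in the comment above, added here as an example; it is not code from the project or from the commenter. The function and parameter names are hypothetical, and walking the header right to left to handle chained proxies goes beyond the single-peer check described.

```python
import ipaddress


def parse_trusted(entries):
    """Turn config strings (single IPs or CIDRs) into network objects."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_address(peer_addr, xff_header, trusted):
    """Return the address a request should be attributed to.

    peer_addr  -- address of the TCP peer (what the server actually saw)
    xff_header -- raw X-Forwarded-For value, or None
    trusted    -- networks from parse_trusted(); empty list = never use header
    """
    peer = ipaddress.ip_address(peer_addr)
    if not xff_header or not _is_trusted(peer, trusted):
        # Direct or unknown peer: anything in the header is client-controlled.
        return str(peer)

    # Each proxy appends the address it received the request from, so the
    # rightmost entries are the ones written by our own proxies. Walk from
    # the right and stop at the first hop that is not a trusted proxy.
    candidate = peer
    for hop in reversed(xff_header.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            # Malformed entry: stop and keep the last address we could verify.
            break
        candidate = addr
        if not _is_trusted(addr, trusted):
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    proxies = parse_trusted(["10.0.0.5", "10.0.1.0/24"])
    print(client_address("203.0.113.9", "192.0.2.1", proxies))   # header ignored
    print(client_address("10.0.0.5", "198.51.100.7", proxies))   # header used
```

With an empty trusted list the header is never consulted, which matches the point that there is no default operators can rely on without configuring their own proxies.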