RemoteIp: only trust X-Forwarded-For
Our nginx config will happily pass `Forwarded`/`X-Real-IP` from the client. Caddy, Apache and Varnish pass `X-Forwarded-For` as well anyway.
parent
f5cb2af85a
commit
889965141a
|
@ -308,16 +308,15 @@ This will make Pleroma listen on `127.0.0.1` port `8080` and generate urls start
|
||||||
Available options:
|
Available options:
|
||||||
|
|
||||||
* `enabled` - Enable/disable the plug. Defaults to `false`.
|
* `enabled` - Enable/disable the plug. Defaults to `false`.
|
||||||
* `headers` - A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Defaults to `~w[forwarded x-forwarded-for x-client-ip x-real-ip]`.
|
* `headers` - A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Defaults to `["x-forwarded-for"]`.
|
||||||
* `proxies` - A list of strings in [CIDR](https://en.wikipedia.org/wiki/CIDR) notation specifying the IPs of known proxies. Defaults to `[]`.
|
* `proxies` - A list of strings in [CIDR](https://en.wikipedia.org/wiki/CIDR) notation specifying the IPs of known proxies. Defaults to `[]`.
|
||||||
* `reserved` - Defaults to [localhost](https://en.wikipedia.org/wiki/Localhost) and [private network](https://en.wikipedia.org/wiki/Private_network).
|
* `reserved` - Defaults to [localhost](https://en.wikipedia.org/wiki/Localhost) and [private network](https://en.wikipedia.org/wiki/Private_network).
|
||||||
|
|
||||||
|
|
||||||
### :rate_limit
|
### :rate_limit
|
||||||
|
|
||||||
This is an advanced feature and disabled by default.
|
!!! note
|
||||||
|
If your instance is behind a reverse proxy ensure [`Pleroma.Plugs.RemoteIp`](#pleroma-plugs-remoteip) is enabled (it is enabled by default).
|
||||||
If your instance is behind a reverse proxy you must enable and configure [`Pleroma.Plugs.RemoteIp`](#pleroma-plugs-remoteip).
|
|
||||||
|
|
||||||
A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:
|
A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:
|
||||||
|
|
||||||
|
|
|
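Review bot: The new note under `:rate_limit` says `Pleroma.Plugs.RemoteIp` "is enabled by default", but the `enabled` option documented a few lines up in this same hunk still reads "Defaults to `false`". Please update whichever is stale so the documented default is consistent. Since the default header list is now only `x-forwarded-for` and `proxies` still defaults to `[]`, the note could also say that the reverse proxy has to set `X-Forwarded-For` itself, because the rate limiter depends on the `remote_ip` derived from it.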
@ -10,10 +10,7 @@ defmodule Pleroma.Plugs.RemoteIp do
|
||||||
@behaviour Plug
|
@behaviour Plug
|
||||||
|
|
||||||
@headers ~w[
|
@headers ~w[
|
||||||
forwarded
|
|
||||||
x-forwarded-for
|
x-forwarded-for
|
||||||
x-client-ip
|
|
||||||
x-real-ip
|
|
||||||
]
|
]
|
||||||
|
|
||||||
# https://en.wikipedia.org/wiki/Localhost
|
# https://en.wikipedia.org/wiki/Localhost
|
||||||
|
|
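Review bot: `@headers` drops `forwarded`, `x-client-ip` and `x-real-ip` with no comment in the module saying why, so a later change could re-add them without noticing the trust issue described in the commit message. Add a short comment above `@headers` stating that only headers the reverse proxy sets itself belong in the default list, and consider collapsing the now single-entry `~w[ ... ]` block to a one-line list that matches the documented default `["x-forwarded-for"]`.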