Comment on [#6133] don't blindly trust x-forwarded-for
> there are some places in horde where X-Forwarded-For header is used for specifying IP the connection came from. The X-Forwarded-For is provided by client that can send anything and it will be used.
>
> This results in e.g. mail headers containing internal IPs unreachable from server telling nothing to the admin.
>
> Please make usage of X-Forwarded-For optional. The best solution allowing to trust some (e.g. own) proxies would be to have list of trusted proxies and check REMOTE_ADDR and HTTP_X_FORWARDED_FOR (from last to first) if they match trusted proxy and use the first untrusted IP in the list.
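
The trusted-proxy walk proposed in the ticket text above, written in PHP as an added example; it is not Horde's code and not part of the ticket. The function names `ipInCidr`, `isTrustedProxy` and `clientIp`, the trusted range and the sample addresses are hypothetical.

```php
<?php
// Added example, not Horde code; function names and addresses are hypothetical.
/** True if $ip lies inside $cidr (IPv4 or IPv6; a bare address matches only itself). */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;                       // unparsable, or IPv4 compared with IPv6
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && !ctype_digit($bits)) return false;
    $bits = $bits === null ? $max : (int) $bits;
    if ($bits > $max) return false;
    $full = intdiv($bits, 8);
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) return false;
    if ($bits % 8 === 0) return true;
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // partial byte at the prefix boundary
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}
function isTrustedProxy(string $ip, array $trusted): bool
{
    foreach ($trusted as $cidr) {
        if (ipInCidr($ip, $cidr)) return true;
    }
    return false;
}

/** Walk REMOTE_ADDR, then X-Forwarded-For from last to first; return the first untrusted IP. */
function clientIp(array $server, array $trusted): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    if (!isTrustedProxy($ip, $trusted) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $ip;                         // direct peer is not ours: ignore the header
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (filter_var($hops[$i], FILTER_VALIDATE_IP) === false) return $ip; // malformed: stop
        $ip = $hops[$i];
        if (!isTrustedProxy($ip, $trusted)) return $ip;
    }
    return $ip;                             // every hop was a trusted proxy
}

// Constructed inputs; 192.0.2.0/28 stands in for the site's own proxies.
$trusted = ['192.0.2.0/28'];
var_dump(clientIp(['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '10.1.2.3'], $trusted));
var_dump(clientIp(['REMOTE_ADDR' => '192.0.2.5', 'HTTP_X_FORWARDED_FOR' => '10.1.2.3, 198.51.100.20'], $trusted));
```

The first call has an untrusted direct peer, so the header is ignored; the second arrives through a trusted proxy, so the entry that proxy appended is used and the client-supplied entry to its left is never reached.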