6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
7/26/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#6133] don't blindly trust x-forwarded-for
*
Your Email Address
*
Spam protection
Enter the letters below:
. ..___..__ __ . . |\/| | [__)/ `|\/| | | | | \__.| |
Comment
> The most important part for me is that the IP in horde logs and mail > headers should match. When our users log to horde, only conecting IP > is logged and only forwarded IP put into headers, which makes > searching very difficult. > > > > Providing both proxy and forwarded_for IP's is OK, but forwarded IP > is imho only useful if scripts will track trusted proxies as I > described (squid's forwarded_for patch does the same). This requires > list of trusted proxies/networks as horde/imp configuration option. > > > > Another option is to put all IP's of X-Forwarded-For: line to mail, > as special header (X-Forwarded-For) or list of Received: headers > (this could be very useful for spam checkers). If not all, at least > the trusted forwarded IP should be imho there, adding proxy is useful > too. > > > > Personally I would set up function for parsing client IP and > x-forwarded-for to provide 1-2 (last and first trusted) IP addresses, > which would be added to logged informations etc
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers