Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nginx: Option to not use incoming X-Forwarded headers #1309

Closed
Dirbaio opened this issue Sep 7, 2017 · 2 comments
Closed

nginx: Option to not use incoming X-Forwarded headers #1309

Dirbaio opened this issue Sep 7, 2017 · 2 comments

Comments

@Dirbaio
Copy link
Contributor

Dirbaio commented Sep 7, 2017

Currently, if you deploy nginx-ingress-controller facing directly to the internet (via NodePort/HostPort or a LoadBalancer service), end users can spoof their IP by sending an X-Forwarded-For header, which will be forwarded to the backend services. Same for the other X-Forwarded headers.

By looking at the template, there seems no config option to disable this.

It would be great to have one - in the current state the nginx ingress is insecure by default when exposing it directly to the internet.

@aledbf
Copy link
Member

aledbf commented Sep 7, 2017

Closing. This option is being added here #1222

@aledbf aledbf closed this as completed Sep 7, 2017
@albertvaka
Copy link
Contributor

#1222 doesn't fix the bug, unless you use Proxy Protocol. Please reopen @aledbf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants