You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm reopening #1309 as, if I understand correctly, it hasn't been fixed:
Currently, if you deploy nginx-ingress-controller facing directly to the internet (via NodePort/HostPort or a LoadBalancer service), end users can spoof their IP by sending an X-Forwarded-For header, which will be forwarded to the backend services. Same for the other X-Forwarded headers.
By looking at the template, there seems no config option to disable this.
It would be great to have one - in the current state the nginx ingress is insecure by default when exposing it directly to the internet.
The text was updated successfully, but these errors were encountered:
I'm reopening #1309 as, if I understand correctly, it hasn't been fixed:
Currently, if you deploy nginx-ingress-controller facing directly to the internet (via NodePort/HostPort or a LoadBalancer service), end users can spoof their IP by sending an X-Forwarded-For header, which will be forwarded to the backend services. Same for the other X-Forwarded headers.
By looking at the template, there seems no config option to disable this.
It would be great to have one - in the current state the nginx ingress is insecure by default when exposing it directly to the internet.
The text was updated successfully, but these errors were encountered: