Files
@ f08fbf424898
Branch filter:
Location: kallithea/setup.cfg - annotation
f08fbf424898
836 B
text/x-ini
auth: don't trust clients too much - only trust the *last* IP in the X-Forwarded-For header
The X-Forwarded-For header contains a list of IP addresses, where each
proxy server appends the IP they see their request coming from.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For .
Trusting the *first* IP in HTTP_X_FORWARDED_FOR would allow clients to claim
any IP, which could be used to bypass IP restrictions configured in Kallithea.
Instead, only trust the last proxy in the chain, and thus only use the *last*
IP in HTTP_X_FORWARDED_FOR. (In setups where more than last IP should be
trusted, the last proxy server in the chain must be configured rewrite the
header accordingly.)
The X-Forwarded-For header contains a list of IP addresses, where each
proxy server appends the IP they see their request coming from.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For .
Trusting the *first* IP in HTTP_X_FORWARDED_FOR would allow clients to claim
any IP, which could be used to bypass IP restrictions configured in Kallithea.
Instead, only trust the last proxy in the chain, and thus only use the *last*
IP in HTTP_X_FORWARDED_FOR. (In setups where more than last IP should be
trusted, the last proxy server in the chain must be configured rewrite the
header accordingly.)
564e40829f80 1949ece749ce acaa02179aeb acaa02179aeb 564e40829f80 d88077fae3d6 d88077fae3d6 8c1258f69892 564e40829f80 7e5f8c12a3fc 7e5f8c12a3fc 564e40829f80 564e40829f80 564e40829f80 564e40829f80 7e5f8c12a3fc 10df28cbcce7 ad38f9f93b3b 564e40829f80 564e40829f80 7e5f8c12a3fc 7e5f8c12a3fc 7e5f8c12a3fc 564e40829f80 564e40829f80 7e5f8c12a3fc 7e5f8c12a3fc 7e5f8c12a3fc 564e40829f80 0a48c1ec04fc 0a48c1ec04fc 0a48c1ec04fc acaa02179aeb acaa02179aeb 0a48c1ec04fc 0a48c1ec04fc 3483de9d11e5 278cc5936ed5 278cc5936ed5 278cc5936ed5 278cc5936ed5 278cc5936ed5 278cc5936ed5 278cc5936ed5 278cc5936ed5 278cc5936ed5 278cc5936ed5 278cc5936ed5 | [egg_info]
tag_build =
tag_svn_revision = 0
tag_date = 0
[aliases]
test = pytest
[compile_catalog]
domain = kallithea
directory = kallithea/i18n
statistics = true
[extract_messages]
add_comments = TRANSLATORS:
output_file = kallithea/i18n/kallithea.pot
msgid-bugs-address = translations@kallithea-scm.org
copyright-holder = Various authors, licensing as GPLv3
[init_catalog]
domain = kallithea
input_file = kallithea/i18n/kallithea.pot
output_dir = kallithea/i18n
[update_catalog]
domain = kallithea
input_file = kallithea/i18n/kallithea.pot
output_dir = kallithea/i18n
previous = true
[build_sphinx]
source-dir = docs/
build-dir = docs/_build
all_files = 1
[upload_sphinx]
upload-dir = docs/_build/html
[pytype]
inputs =
kallithea
setup.py
exclude =
**/test_*.py
disable =
pyi-error
keep_going = True
#jobs = 3
|