Stefan Egli created SLING-3015:
----------------------------------
Summary: Take X-Forwarded-For into account for IP whitelisting
Key: SLING-3015
URL: https://issues.apache.org/jira/browse/SLING-3015
Project: Sling
Issue Type: Improvement
Components: Extensions
Affects Versions: Discovery Impl 1.0.0
Reporter: Stefan Egli
Assignee: Stefan Egli
Currently, the IP whitelisting for incoming topology connections of the
discovery.impl uses 'getRequestHost/Addr' to decide if it wants to accept a
connection or not. This is not sufficient in the case, where a server is behind
eg a reverse proxy. In such cases it would simply get the reverse proxy's
address, voiding the IP whitelisting feature.
To improve this situation, the X-Forwarded-For header field should be evaluated
optionally too.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
