[
https://issues.apache.org/jira/browse/ZOOKEEPER-4860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17882447#comment-17882447
]
Andor Molnar commented on ZOOKEEPER-4860:
-----------------------------------------
ping [~liwang]
> Disable X-Forwarded-For in IPAuthenticationProvider by default
> --------------------------------------------------------------
>
> Key: ZOOKEEPER-4860
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4860
> Project: ZooKeeper
> Issue Type: Improvement
> Components: security, server
> Affects Versions: 3.9.2
> Reporter: Andor Molnar
> Assignee: Andor Molnar
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.10.0, 3.9.3
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Disable *X-Forwarded-For* header check in *IPAuthenticationProvider* by
> default to improve reliability in client IP address detection.
> X-Forwarded-For is not a standard header, it's not required and not needed
> unless ZooKeeper is behind a proxy server. Relying on that when detecting
> client IP address should be the exception, not the standard behaviour.
> Therefore we should disable it by defult.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
