feat: Option to not trust X-Forwarded-* headers from clients

If header values from a malicious client are passed to the backend server unchecked and unchanged, the client may be able to subvert security checks done by the backend server.
2025-07-02 23:05:46 +00:00 · 2022-03-16 00:59:03 -04:00
parent 5f15f04556
commit 8aa00fcea2
11 changed files with 230 additions and 4 deletions
--- a/test/test_trust-downstream-proxy/test_default.yml
+++ b/test/test_trust-downstream-proxy/test_default.yml
@ -0,0 +1,16 @@
+web:
+  image: web
+  expose:
+    - "80"
+  environment:
+    WEB_PORTS: 80
+    VIRTUAL_HOST: web.nginx-proxy.tld
+    HTTPS_METHOD: noredirect
+
+
+sut:
+  image: nginxproxy/nginx-proxy:test
+  volumes:
+    - /var/run/docker.sock:/tmp/docker.sock:ro
+    - ./certs/web.nginx-proxy.tld.crt:/etc/nginx/certs/web.nginx-proxy.tld.crt:ro
+    - ./certs/web.nginx-proxy.tld.key:/etc/nginx/certs/web.nginx-proxy.tld.key:ro