There is a mechanism to prevent external queries from reaching the metrics endpoints based on the presence or not of the X-Forwarded-Host header. Would it be possible to also check the presence of the X-Forwarded-For header (very often used when an application runs behind a reverse proxy)?
We do not use the X-Forwarded-Host anywhere because the Host header is never changed.
Expected Behavior
Deny the request when the DISABLE_EXTERNAL_ACCESS env is set and the X-Forwarded-For header is present in the request.
Actual Behavior
It only checks the presence of the X-Forwarded-Host header.
Environment
Operating system: all
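
The requested behavior, sketched as a small WSGI middleware. This is an added example, not the project's own code: the `/metrics` path, the `MetricsGuard` and `status_for` names, and treating any non-empty `DISABLE_EXTERNAL_ACCESS` value as "set" are assumptions, and the request data is constructed.

```python
import os

# X-Forwarded-Host is the header the issue says is checked today;
# X-Forwarded-For is the one it asks to add.
PROXY_HEADERS = ("X-Forwarded-Host", "X-Forwarded-For")

def wsgi_key(name):
    """WSGI exposes request header 'X-Foo' as environ key 'HTTP_X_FOO'."""
    return "HTTP_" + name.upper().replace("-", "_")

def is_forwarded(environ):
    """True if any proxy header is present, even with an empty value."""
    return any(wsgi_key(h) in environ for h in PROXY_HEADERS)

class MetricsGuard:
    """WSGI middleware that answers 403 to forwarded requests for metrics paths."""

    def __init__(self, app, prefix="/metrics", env=os.environ):
        self.app = app
        self.prefix = prefix  # assumed path; the issue does not name it
        # Assumption: any non-empty value counts as "set".
        self.enabled = bool(env.get("DISABLE_EXTERNAL_ACCESS"))

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        guarded = path == self.prefix or path.startswith(self.prefix + "/")
        if self.enabled and guarded and is_forwarded(environ):
            body = b"Forbidden\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)

def status_for(path, headers, env):
    """Send one constructed request through the guard; return the status line."""
    def app(environ, start_response):  # stand-in for the real application
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    environ.update({wsgi_key(k): v for k, v in headers.items()})
    seen = []
    MetricsGuard(app, env=env)(environ, lambda status, hdrs: seen.append(status))
    return seen[0]

if __name__ == "__main__":
    on = {"DISABLE_EXTERNAL_ACCESS": "true"}
    print(status_for("/metrics", {"X-Forwarded-For": "203.0.113.7"}, on))
    print(status_for("/metrics", {}, on))
```

A presence check like this only identifies traffic relayed by a proxy that adds the header; a request that arrives without it is treated as internal, so the proxy has to be the only external route to the application.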