bolkedebruin 13323f56cb Honor X-Forwarded-For only from a trusted-proxy CIDR (#189) ...

EnrichContext used to copy the first X-Forwarded-For entry into the
request identity unconditionally. The resulting AttrClientIp drives
client-IP comparisons later in the gateway-access flow, and a direct
caller could set XFF to anything they liked.

Add a small package-level allow-list:

* InitTrustedProxies(cidrs) parses operator-supplied CIDRs once at
  startup. A bad CIDR is fatal, an empty list disables XFF entirely.
* EnrichContext takes the client IP from r.RemoteAddr (host portion)
  and only swaps in the first X-Forwarded-For entry when r.RemoteAddr
  itself sits in a trusted-proxy CIDR. AttrProxies is set from the
  remaining XFF entries on the same condition.

Wire Server.TrustedProxies through configuration.go to web.

2026-04-30 18:47:46 +02:00

..

config

Honor X-Forwarded-For only from a trusted-proxy CIDR (#189)

2026-04-30 18:47:46 +02:00

identity

Refactor identity and http routing

2022-10-18 09:36:41 +02:00

kdcproxy

Use list of kdcs and ensure length is removed / added when necessary

2024-03-16 13:10:30 +01:00

protocol

Harden three small panic / race paths (#186)

2026-04-30 14:38:36 +02:00

rdp

Strip ASCII control bytes from rendered RDP string fields (#183)

2026-04-30 13:33:35 +02:00

security

Make the PAA cookie self-contained and shrink it (#187)

2026-04-30 18:22:22 +02:00

templates

detect html as not being authenticated anymore

2025-09-26 19:18:47 +02:00

transport

Finalize rdp templating

2023-05-15 10:43:38 +02:00

web

Honor X-Forwarded-For only from a trusted-proxy CIDR (#189)

2026-04-30 18:47:46 +02:00

main.go

Honor X-Forwarded-For only from a trusted-proxy CIDR (#189)

2026-04-30 18:47:46 +02:00