Andor Molnar created ZOOKEEPER-4860:
---------------------------------------
Summary: Disable X-Forwarded-For in IPAuthenticationProvider by
default
Key: ZOOKEEPER-4860
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4860
Project: ZooKeeper
Issue Type: Improvement
Components: security, server
Affects Versions: 3.9.2
Reporter: Andor Molnar
Assignee: Andor Molnar
Disable *X-Forwarded-For* header check in *IPAuthenticationProvider* by default
to improve reliability in client IP address detection.
X-Forwarded-For is not a standard header, it's not required and not needed
unless ZooKeeper is behind a proxy server. Relying on that when detecting
client IP address should be the exception, not the standard behaviour.
Therefore we should disable it by defult.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
