From 5631c28df4657190f15fc8183593eb7cda95eab2 Mon Sep 17 00:00:00 2001
From: Erik Karlsson
Date: Wed, 29 Oct 2025 10:39:53 +0100
Subject: [PATCH] sulu: disregard client-provided X-Forwarded-For

This prevents clients from lying about their identity to the MQTT broker by supplying their own X-Forwarded-For in the request.
---
 sulu/sulu-builder/files/etc/sulu/nginx.locations | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sulu/sulu-builder/files/etc/sulu/nginx.locations b/sulu/sulu-builder/files/etc/sulu/nginx.locations
index af48faf69..6f005dfd0 100644
--- a/sulu/sulu-builder/files/etc/sulu/nginx.locations
+++ b/sulu/sulu-builder/files/etc/sulu/nginx.locations
@@ -16,7 +16,7 @@ location /wss {
 proxy_set_header Connection $connection_upgrade;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $remote_addr;
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-Port $server_port;
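Review bot: The new `proxy_set_header X-Forwarded-For $remote_addr;` line in `location /wss` has no comment explaining why the conventional `$proxy_add_x_forwarded_for` is avoided, so a later cleanup could restore the client-appendable form. I would add `# Overwrite, never append: the MQTT broker treats X-Forwarded-For as the client identity.` directly above it. The fix also assumes this nginx is the first hop that sees the client. If a trusted load balancer is ever placed in front, `$remote_addr` becomes that balancer's address unless the realip module (`set_real_ip_from` / `real_ip_header`) is configured for it. The `location /wss` block starts and ends outside the hunk, and any other location in this file that proxies to the broker is not visible here and should be checked for the same `$proxy_add_x_forwarded_for` use.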