From 76713ffa40bae8942bd4e3958834dde9e983a84d Mon Sep 17 00:00:00 2001
From: Erik Karlsson
Date: Wed, 29 Oct 2025 10:39:53 +0100
Subject: [PATCH] sulu: disregard client-provided X-Forwarded-For

This prevents clients from lying about their identity to the MQTT broker by supplying their own X-Forwarded-For in the request.

(cherry picked from commit 5631c28df4657190f15fc8183593eb7cda95eab2)
---
 sulu/sulu-builder/files/etc/sulu/nginx.locations | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sulu/sulu-builder/files/etc/sulu/nginx.locations b/sulu/sulu-builder/files/etc/sulu/nginx.locations
index 4b5452cd7..600376c65 100644
--- a/sulu/sulu-builder/files/etc/sulu/nginx.locations
+++ b/sulu/sulu-builder/files/etc/sulu/nginx.locations
@@ -20,7 +20,7 @@ location /wss {
 proxy_set_header Connection $connection_upgrade;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $remote_addr;
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-Port $server_port;
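Review bot: The new `proxy_set_header X-Forwarded-For $remote_addr;` line in `location /wss` carries no comment, and `$proxy_add_x_forwarded_for` is the form most nginx examples use, so a later cleanup could restore it and reopen the spoofing path the commit message describes. A comment above the line would pin the intent, e.g. `# Deliberately not $proxy_add_x_forwarded_for: the broker treats this header as client identity, so client-supplied values must be discarded.` Note also that `$remote_addr` is the directly connected peer, so if this server is ever placed behind another proxy or load balancer the header will carry that proxy's address unless the realip module (`set_real_ip_from`, `real_ip_header`) is configured for the trusted hop. The `location /wss` block begins and ends outside the hunk, and any other location in this file that still uses `$proxy_add_x_forwarded_for` would need the same change.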