jingrow/gunicorn
1
0
Fork 0
mirror of https://github.com/frappe/gunicorn.git synced 2026-01-14 11:09:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Clarify secure scheme header warning in deploy doc

Browse Source 
Gunicorn doesn't restrict the X-Forwarded-For header, only the
scheme header.
This commit is contained in:
Randall Leeds 2014-02-04 00:26:03 -08:00
parent f375f929de
commit 0226b2cd1f
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/source/deploy.rst
View File

@ -107,9 +107,9 @@ This is to prevent a malicious client from forging these headers::
When the Gunicorn host is completely firewalled from the external network such When the Gunicorn host is completely firewalled from the external network such
that all connections come from a trusted proxy (e.g. Heroku) this value can that all connections come from a trusted proxy (e.g. Heroku) this value can
be set to '*'. Using this value is **potentially dangerous** if connections to be set to '*'. Using this value is **potentially dangerous** if connections to
Gunicorn may come from outside the network as clients can use this header to Gunicorn may come from untrusted proxies or directly from clients since the
forge the IP address Gunicorn sees, circumventing application rate limits and application may be tricked into serving SSL-only content over an insecure
reporting incorrect addresses in log files. connection.
Using Virtualenv Using Virtualenv
================ ================