Feature Request: write error logs when detecting duplicate httpheaders

Piotr Sikora piotr.sikora at frickle.com
Tue Jun 7 20:04:40 MSD 2011


Hi,

> Also, for headers like "X-Forwarded-For", attackers can intentionaly 
> inject serveral spoofed ip addresses.

Of course, that's why you should _never_ trust the data that comes from the 
systems outside of your control.

Best regards,
Piotr Sikora < piotr.sikora at frickle.com >




More information about the nginx mailing list