@ -254,7 +254,7 @@ Spring Cloud Gateway comes with one non-default remote address resolver which is
@@ -254,7 +254,7 @@ Spring Cloud Gateway comes with one non-default remote address resolver which is
`XForwardedRemoteAddressResolver::trustAll` returns a `RemoteAddressResolver` which always takes the first IP address found in the `X-Forwarded-For` header.
This approach is vulnerable to spoofing, as a malicious client could set an initial value for the `X-Forwarded-For` which would be accepted by the resolver.
`XForwardedRemoteAddressResolver::maxTrustedIndexX` takes an index which correlates to the number of trusted infrastructure running in front of Spring Cloud Gateway.
`XForwardedRemoteAddressResolver::maxTrustedIndex` takes an index which correlates to the number of trusted infrastructure running in front of Spring Cloud Gateway.
If Spring Cloud Gateway is, for example only accessible via HAProxy, then a value of 1 should be used.
If two hops of trusted infrastructure are required before Spring Cloud Gateway is accessible, then a value of 2 should be used.
Andrew Fitzgerald
7 years ago
committed by
Spencer Gibb