Documentation for ForwardLimit says: "Set to null to disable the limit, but this should only be done if KnownProxies or KnownNetworks are configured." Could you, please, add some comments to the documentation what the consequences of ignoring the recommendation are? I guess this can compromise security, but how exactly?
Hello @voroninp ...
The remark comes from the API comment at https://github.com/aspnet/AspNetCore/blob/master/src/Middleware/HttpOverrides/src/ForwardedHeadersOptions.cs#L55-L56
From the following remarks on related issues, it's a simple precaution for both misconfigured proxies and security of the proxy chain ...
proxy is misconfigured ... or the request is coming from a potentially malicious side-channel
From: https://github.com/aspnet/AspNetCore/issues/10302
There's no way we can actually figure out your proxy setup, and an attacker can, of course, add their own X-Forwarded-For header, with misconfigured proxies not stripping it at all. Thus, if you know you have chained proxies then you need to tell the middleware about them. Set the ForwardLimit on the ForwardedHeaderOptions.
From: https://github.com/aspnet/AspNetCore/issues/8471#issuecomment-472421839
There are a few things here to address ...
How `ForwardLimit` affects _which address will be taken as the client IP_ is buried. That content should also appear in the `ForwardLimit` option description.
The default `ForwardLimit` is 1 (one), so only the rightmost value from the headers is processed unless the value of `ForwardLimit` is increased.
From: Troubleshoot section of the topic
I'll get a PR in within a couple of weeks to address these problems. Thanks for opening this issue.
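Added example, not part of this issue thread and not the middleware's own code: a simplified Python model of right-to-left `X-Forwarded-For` processing with a forward limit and a known-proxy set, to show concretely why "no limit" is only safe when known proxies are configured. The addresses, the proxy topology and the rule that an empty known-proxy collection skips the trust check are assumptions made for this illustration.

```python
from ipaddress import ip_address
from typing import Iterable, Optional


def resolve_client_ip(remote_addr: str, xff_header: str,
                      forward_limit: Optional[int] = 1,
                      known_proxies: Iterable[str] = ()) -> str:
    """Simplified model (not the middleware's own code) of right-to-left
    X-Forwarded-For processing.

    remote_addr   - the TCP peer the server actually accepted from.
    xff_header    - the raw X-Forwarded-For header value.
    forward_limit - how many header entries may be consumed; None means
                    no limit (the documented "set to null" case).
    known_proxies - peers allowed to vouch for the entry to their left.
                    Modelling assumption: an empty collection skips the
                    trust check entirely, which is what makes "no limit"
                    risky without KnownProxies/KnownNetworks.
    """
    trusted = {ip_address(p) for p in known_proxies}
    entries = [e.strip() for e in xff_header.split(",") if e.strip()]
    entries.reverse()  # rightmost first: it was appended by the nearest proxy
    if forward_limit is not None:
        entries = entries[:forward_limit]

    current = ip_address(remote_addr)
    for entry in entries:
        # Only a peer we trust may tell us who connected to it.
        if trusted and current not in trusted:
            break
        try:
            candidate = ip_address(entry)
        except ValueError:
            break  # malformed entry: stop and keep the last accepted address
        current = candidate
    return str(current)


# Constructed sample: the real client 203.0.113.7 sends a request that already
# carries a forged X-Forwarded-For entry; the single trusted proxy 10.0.0.2
# appends the client's true address and forwards to the app server.
TRUSTED_PROXY = "10.0.0.2"
FORGED_XFF = "198.51.100.99, 203.0.113.7"


def scenarios() -> dict:
    return {
        # Default ForwardLimit=1: only the proxy-appended entry is consumed.
        "limit_1_known_proxy": resolve_client_ip(
            TRUSTED_PROXY, FORGED_XFF, 1, [TRUSTED_PROXY]),
        # Limit disabled AND no known proxies: the walk never stops, so the
        # forged leftmost entry is reported as the client IP.
        "no_limit_no_known_proxies": resolve_client_ip(
            TRUSTED_PROXY, FORGED_XFF, None, []),
        # Limit disabled but known proxies set: the walk stops at the first hop
        # that is not a trusted proxy, so the forged entry is ignored.
        "no_limit_known_proxy": resolve_client_ip(
            TRUSTED_PROXY, FORGED_XFF, None, [TRUSTED_PROXY]),
    }


if __name__ == "__main__":
    for name, ip in scenarios().items():
        print(f"{name}: {ip}")
```

The second scenario is the one the API comment warns about: with the limit removed and no trusted proxies declared, whatever the client put at the left end of the header is accepted, so anything keyed on client IP (rate limits, allow lists, audit logs) can be steered by the requester. Declaring the proxies restores a stopping point regardless of the limit.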