mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
Newer versions of Django axes have a new way to get the IP address of a client using ipware library. This has multiple security issues https://github.com/jazzband/django-axes/issues/286 . Work around them by controlling the X-FORWARDED-FOR header sent from Apache to FreedomBox and by limiting the headers that ipware uses.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
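The following is an added example, not code from this commit, FreedomBox, django-axes or ipware. It is a simplified model of header-precedence IP lookup showing why both halves of the workaround matter for a per-IP lockout counter; the function names, the two header orders and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumed header orders for this model (CGI-style META keys).
BROAD_ORDER = ("HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP", "HTTP_X_REAL_IP", "REMOTE_ADDR")
NARROW_ORDER = ("HTTP_X_FORWARDED_FOR",)

def client_ip(meta, order):
    """Walk `order` over request META and return the first valid IP, or None."""
    for key in order:
        for candidate in meta.get(key, "").split(","):
            try:
                return str(ipaddress.ip_address(candidate.strip()))
            except ValueError:
                continue
    return None

def forward(headers, peer_ip, overwrite):
    """Model the reverse proxy building META for the backend.

    overwrite=False: a client-supplied X-Forwarded-For is kept and the peer
    address is appended to it.
    overwrite=True: the proxy sets X-Forwarded-For to the peer address it
    actually saw, discarding whatever the client sent.
    """
    meta = dict(headers)
    prior = meta.get("HTTP_X_FORWARDED_FOR")
    if overwrite or not prior:
        meta["HTTP_X_FORWARDED_FOR"] = peer_ip
    else:
        meta["HTTP_X_FORWARDED_FOR"] = f"{prior}, {peer_ip}"
    meta["REMOTE_ADDR"] = "127.0.0.1"  # backend only ever sees the local proxy
    return meta

def lockout_keys(requests, order, overwrite):
    """Set of distinct IPs a per-IP failed-login counter would be keyed on."""
    return {client_ip(forward(h, peer, overwrite), order) for h, peer in requests}

# Constructed sample: three failed logins from one peer, each with different
# client-supplied headers (documentation address ranges).
SAMPLE = [
    ({"HTTP_X_FORWARDED_FOR": "198.51.100.1"}, "203.0.113.7"),
    ({"HTTP_X_FORWARDED_FOR": "198.51.100.2"}, "203.0.113.7"),
    ({"HTTP_CLIENT_IP": "198.51.100.3"}, "203.0.113.7"),
]

if __name__ == "__main__":
    print("pass-through + broad order:", sorted(lockout_keys(SAMPLE, BROAD_ORDER, False)))
    print("overwrite + narrow order:  ", sorted(lockout_keys(SAMPLE, NARROW_ORDER, True)))
```

With pass-through the counter is split across several keys for a single peer; with the header overwritten by the proxy and the lookup restricted to it, every attempt maps to the one address the proxy observed.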