From 67ddc710a7f1f6c911e1c8a2196571fa9fca8f78 Mon Sep 17 00:00:00 2001
From: "andre.peters"
Date: Wed, 24 Jan 2018 08:36:19 +0100
Subject: [PATCH] [Nginx] Set real IP from internal networks
---
 data/conf/nginx/site.conf | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index ede9fe4a..8a896264 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -24,6 +24,7 @@ server {
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
+ add_header X-Frame-Options "SAMEORIGIN";
 add_header X-Permitted-Cross-Domain-Policies none;
 index index.php index.html;
@@ -46,7 +47,10 @@ server {
 }
 # If behind reverse proxy, forwards the correct IP
- set_real_ip_from 172.22.1.1;
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ set_real_ip_from fd00::/8;
 real_ip_header X-Forwarded-For;
 real_ip_recursive on;
@@ -202,6 +206,7 @@ server {
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
+ add_header X-Frame-Options "SAMEORIGIN";
 add_header X-Permitted-Cross-Domain-Policies none;
 index index.php index.html;
@@ -224,7 +229,10 @@ server {
 }
 # If behind reverse proxy, forwards the correct IP
- set_real_ip_from 172.22.1.1;
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ set_real_ip_from fd00::/8;
 real_ip_header X-Forwarded-For;
 real_ip_recursive on;
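Review bot: The added `add_header X-Frame-Options "SAMEORIGIN";` in the first hunk (and the identical line in the third hunk, at +206) has no `always` parameter, so nginx attaches it only to the 2xx/3xx codes it lists for `add_header` and error responses remain frameable; `add_header X-Frame-Options "SAMEORIGIN" always;` closes that gap. nginx also inherits server-level `add_header` lines into a location only when that location declares none of its own, so any location in this file that sets its own headers would need the line repeated; the locations lie outside the hunk, so this has to be checked against the full file. The commit subject does not mention the header change, and a short comment such as `# Clickjacking protection: allow framing by same origin only` would make its purpose explicit.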
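Review bot: Widening `set_real_ip_from` from the single address 172.22.1.1 to all of 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and fd00::/8 (second hunk, repeated in the fourth at +229) makes every peer connecting from a private address a trusted source of `X-Forwarded-For`, not only the reverse proxy. With `real_ip_recursive on`, the address nginx derives from that header is what ends up in the logs and in any IP-based rate limiting, banning or allow-listing downstream, so requests from a LAN host or a neighbouring container can be attributed to an arbitrary address. Listing only the proxy's address or subnet keeps the trust boundary explicit. If the broad ranges are intentional, a comment above them such as `# Trusts X-Forwarded-For from ANY private-range peer; narrow to your proxy's address where possible` documents the assumption. The enclosing server block starts and ends outside the hunk.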