You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 25, 2022. It is now read-only.
It seems like we pass the client IP address in the x-forwarded-for and fastly-client-ip headers. Ironically, the x-real-ip header set by runtime is not the real client IP, but a Fastly IP address.
I would suggest masking the client IP address hard so that it won't get passed into customer actions where it might get logged by accident.
The text was updated successfully, but these errors were encountered:
While looking at our Coralogix logs, I saw this Googlebot visit to helix-static:
It seems like we pass the client IP address in the
x-forwarded-for
andfastly-client-ip
headers. Ironically, thex-real-ip
header set by runtime is not the real client IP, but a Fastly IP address.I would suggest masking the client IP address hard so that it won't get passed into customer actions where it might get logged by accident.
The text was updated successfully, but these errors were encountered: