From 0226b2cd1f80cf21fc15dd51318639923768913d Mon Sep 17 00:00:00 2001 From: Randall Leeds Date: Tue, 4 Feb 2014 00:26:03 -0800 Subject: [PATCH] Clarify secure scheme header warning in deploy doc Gunicorn doesn't restrict the X-Forwarded-For header, only the scheme header. --- docs/source/deploy.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/deploy.rst b/docs/source/deploy.rst index 4403f0e60..5b9d48fc8 100644 --- a/docs/source/deploy.rst +++ b/docs/source/deploy.rst @@ -107,9 +107,9 @@ This is to prevent a malicious client from forging these headers:: When the Gunicorn host is completely firewalled from the external network such that all connections come from a trusted proxy (e.g. Heroku) this value can be set to '*'. Using this value is **potentially dangerous** if connections to -Gunicorn may come from outside the network as clients can use this header to -forge the IP address Gunicorn sees, circumventing application rate limits and -reporting incorrect addresses in log files. +Gunicorn may come from untrusted proxies or directly from clients since the +application may be tricked into serving SSL-only content over an insecure +connection. Using Virtualenv ================
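Review bot: the rewritten warning now disagrees in number with the unchanged context line above it; the context still reads "This is to prevent a malicious client from forging these headers::" (plural), while the commit message says only the scheme header is restricted and the new text speaks only of the scheme header's effect (serving SSL-only content over an insecure connection). Consider adjusting that context line to the singular so the paragraph is consistent, and adding a comma to the long new sentence for readability: "...or directly from clients, since the application may be tricked into serving SSL-only content over an insecure connection."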