Once the necessary infrastructure changes are in place, we need to switch from using the X-Forwarded-For HTTP header to using the X-Real-IP HTTP header for retrieving the client's IP address.
Description:
Currently, our JSON RPC system fetches the client's IP address from the X-Forwarded-For HTTP header. This approach has known security risks as the X-Forwarded-For header can be manipulated, which could lead to IP spoofing. We plan to shift to using the X-Real-IP header, which is more secure and reliable, for fetching the client's IP address.
This issue is dependent on updates to our infrastructure that are currently underway. Once those updates are complete, we will be able to make the switch.
Steps:
Update JSON RPC IP Extraction:
Modify the relevant JSON RPC methods to fetch the client's IP address from the X-Real-IP HTTP header.
Implement IP Validation:
Ensure the IP address fetched from the X-Real-IP header is validated as a well-formed IPv4 or IPv6 address.
Talk with Xavi about whether we need to enforce that the header always carries a non-empty, valid IP address (currently this is not enforced).
Motivation:
Switching to X-Real-IP for IP extraction will enhance our system's security by protecting against IP spoofing attacks. This change is critical to maintaining the integrity of our transaction logs and the overall reliability of our services.
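As an added illustration of the extraction and validation steps above (not code from the project's own JSON RPC layer), the following Go middleware reads the client address from X-Real-IP only, rejects malformed or missing values, and ignores X-Forwarded-For entirely. It assumes the reverse proxy in front of the service overwrites X-Real-IP on every request; the function and error names are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"net/http"
	"net/netip"
	"strings"
)

var (
	ErrMissingClientIP = errors.New("X-Real-IP header missing")
	ErrInvalidClientIP = errors.New("X-Real-IP header is not a valid IP address")
)

// ClientIP reads the client's address from X-Real-IP only. It is trusted because the
// reverse proxy (assumed) overwrites it; X-Forwarded-For is ignored as client-controlled.
func ClientIP(h http.Header) (netip.Addr, error) {
	raw := strings.TrimSpace(h.Get("X-Real-IP"))
	if raw == "" {
		return netip.Addr{}, ErrMissingClientIP
	}
	addr, err := netip.ParseAddr(raw)
	if err != nil {
		return netip.Addr{}, ErrInvalidClientIP
	}
	// Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so logs key on one form.
	return addr.Unmap(), nil
}

type ctxKey struct{}

// RequireClientIP is the strict variant discussed in the issue: requests with a missing
// or malformed X-Real-IP are rejected before reaching the RPC handler.
func RequireClientIP(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		addr, err := ClientIP(r.Header)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, addr)))
	})
}

// ClientIPFromContext retrieves the address stored by RequireClientIP.
func ClientIPFromContext(ctx context.Context) (netip.Addr, bool) {
	addr, ok := ctx.Value(ctxKey{}).(netip.Addr)
	return addr, ok
}
```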