Skip to content

Commit

Permalink
Apply suggestions from code review
Browse files Browse the repository at this point in the history 
Co-authored-by: Guy Sartorelli <[email protected]>
  • Loading branch information
@johannesx75 @GuySartorelli
2 people authored and johannes.hammersen committed Oct 19, 2023
1 parent a996692 commit 3e54617
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions en/02_Developer_Guides/09_Security/04_Secure_Coding.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -673,8 +673,8 @@ server IPs using the SS_TRUSTED_PROXY_IPS define in your `.env`.
SS_TRUSTED_PROXY_IPS="127.0.0.1,192.168.0.1"
```
You can also whitelist subnets in CIDR notation, if you don't know the exact IP of a trusted proxy.
Some cloud providers load balancers don't have fixed IPs, for example.
You can also whitelist subnets in CIDR notation if you don't know the exact IP of a trusted proxy.
For example, some cloud provider load balancers don't have fixed IPs.
```
SS_TRUSTED_PROXY_IPS="10.10.0.0/24,10.10.1.0/24,10.10.2.0/24"
Expand Down Expand Up @@ -702,7 +702,7 @@ At the same time, you'll also need to define which headers you trust from these

If there is no proxy server, 'none' can be used to distrust all clients.
If only trusted servers will make requests then you can use '*' to trust all clients.
Otherwise a comma separated list of individual IP addresses or subnets in CIDR notation should be declared.
Otherwise a comma separated list of individual IP addresses (or subnets in CIDR notation) should be declared.

This behaviour is enabled whenever `SS_TRUSTED_PROXY_IPS` is defined, or if the
`BlockUntrustedIPs` environment variable is declared. It is advisable to include the
Expand Down

0 comments on commit 3e54617

Please sign in to comment.