Workaround security issues in django-axes (!1245) · Merge requests · FreedomBox / FreedomBox · GitLab

Snippets Groups Projects

Closed Sunil Mohan Adapa requested to merge sunilmohan/freedombox:fix-axes into master 7 years ago

Newer versions of Django axes have newly way to get the IP address of a client using ipware library. This has multiple security issues https://github.com/jazzband/django-axes/issues/286 . Workaround them by controlling the X-FORWARDED-FOR header sent from Apache to FreedomBox and by limiting the headers that ipware uses.

Signed-off-by: Sunil Mohan Adapa sunil@medhas.org

Activity

James Valleroy closed 7 years ago

closed
James Valleroy @jvalleroy · 7 years ago

Owner

Merged. I only tested that there were no obvious regressions.

Please register or sign in to reply