src/content/docs/bff/fundamentals/options.md
8 additions & 11 deletions
@@ -201,16 +201,14 @@ The following options are available:
201
201
ms.
202
202
203
203
204
-
# XForward header configuration
204
+
# Proxy Servers and Load Balancers :badge[v4.0]
205
205
206
-
Added in V4
206
+
When your BFF is hosted behind another reverse proxy or load balancer, you'll want to use `X-Forwarded-*` headers.
207
207
208
-
Should BFF run behind another proxy, then you'll want to use X-Forwarded headers.
209
-
210
-
BFF automatically registers the XForward header middleware in the pipeline. However,
211
-
it doesn't do anything without configuration. Below is an example on how you can confiugre this.
208
+
BFF automatically registers the `ForwardedHeaders` middleware in the pipeline, without any additional configuration. You will need to configure which headers should be considered by the middleware, typically the `X-Forwarded-For` and `X-Forwarded-Proto` headers. Here's an example of how you can configure this.
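Review bot: In the added paragraph at new line 208, "without any additional configuration" reads as if the middleware works out of the box, which contradicts the next sentence and loses the removed text's point that "it doesn't do anything without configuration". Suggest something like: "BFF automatically registers the `ForwardedHeaders` middleware in the pipeline, but it does nothing until you configure which headers it should process." Since this paragraph tells readers to enable `X-Forwarded-For` and `X-Forwarded-Proto`, it should also say that the trusted proxy addresses or networks need to be configured at the same time, instead of leaving that to the note further down.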
See [proxy-load-balancer](https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-9.0) in the microsoft documentation
223
-
for more information.
220
+
See [proxy servers and load balancers](https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-9.0) in the Microsoft documentation for more information.
224
221
225
222
:::note
226
-
Be careful with XForward headers from untrusted sources. This can leave you vulnerable to IP Spoofing attacks.
227
-
See [Microsoft Security Advisory CVE-2018-0787](https://github.com/aspnet/Announcements/issues/295) for information
228
-
on an elevation-of-privileges vulnerability that affects systems where the proxy doesn't validate or restrict Host headers to known good values.
223
+
Be careful processing `X-Forwarded-*` headers from untrusted sources. Accepting these headers without validating the proxy IP address or network origin may leave you vulnerable to IP Spoofing attacks.
229
224
225
+
See [Microsoft Security Advisory CVE-2018-0787](https://github.com/aspnet/Announcements/issues/295) for information
226
+
on an elevation-of-privileges vulnerability that affects systems where the proxy doesn't validate or restrict `Host` headers to known good values.
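Review bot: The rewritten warning at new line 223 tells readers to validate "the proxy IP address or network origin" but does not say where that is configured. Name the settings (in ASP.NET Core's `ForwardedHeadersOptions` these are `KnownProxies` and `KnownNetworks`) or link straight to that part of the Microsoft page. The warning also names only IP spoofing, although the paragraph above recommends `X-Forwarded-Proto` too, so the text should cover an untrusted scheme value as well. Two smaller points: the Microsoft link pins `view=aspnetcore-9.0`, which will go stale, and the CVE-2018-0787 sentence is about `Host` headers, so a clause connecting it to `X-Forwarded-Host` would explain why it belongs in this note.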