This feature needs to be enabled through the `http.use_x_forwarded_for` option,
satisfying security concerns of spoofed remote addresses in untrusted network
environments.
The testsuite was enhanced to explicitly test the functionality of the
header.
Fixes#4265.
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
* Change approved_ips from string to cidr validation
Relabel to trusted_networks, better reflecting its expected inputs,
everything that ipaddress.ip_networks recognizes as an ip network
is possible:
- 127.0.0.1 (single ipv4 addresses)
- 192.168.0.0/24 (ipv4 networks)
- ::1 (single ipv6 addresses)
- 2001:DB8::/48 (ipv6 networks)
* Add support for the X-Forwarded-For header
