Details
-
Improvement
-
Resolution: Unresolved
-
Medium
-
None
-
None
-
None
Description
The current code only responds to requests for userhash from localhost, but we can suppose big customers will run varnish on separate servers.
Allowing requests from trusted IPs should be easy to setup without writing php code.
As suggested by Joao, we could use the TRUSTED_PROXIES env var