A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
AI OnAI Off
IPRangeCriterion to use IClientIPAddressResolver
This thread is locked and should be used for reference only.
Hiya,
I've been looking at the recent blog post about using visitor groups with a CDN and the X-Forwarded-For (XFF) header. After experimenting with a code based implementation, I came across the implementation of IClientIPAddressResolver which pulls the header/expected proxy count from config. The default Implementation also appears to correctly address the XFF client IP spoofing scenario according to the defined configuration.
Please can we have the criteria pack changed to also use this interface? This would allow us to detect the actual client IP rather than a proxy's ip.