Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-102810

Use proxied src endpoint to construct transport::Session's restrictionEnvironment

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • Security 2025-03-31, Server Security 2025-04-14, Server Security 2025-04-28
    • None
    • 0
    • None
    • None
    • None
    • None
    • None
    • None

      Currently, the _restrictionEnvironment stored in transport::Session always uses the peer address (stored in _remoteAddr). 

      If clientSourceAuthenticationRestrictionMode is set to origin and the AsioSession parses a proxy protocol header, then the _restrictionEnvironment should be updated to be based off of the _proxiedSrcRemoteEndpoint instead.

            Assignee:
            annette.chau@mongodb.com Annette Chau
            Reporter:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: