From 4e2c9de7085fbc8e5abe8d0659d807881d69769c Mon Sep 17 00:00:00 2001
From: Aurelia <aurelia@acuteaura.net>
Date: Wed, 23 Apr 2025 06:06:47 +0200
Subject: feat(cmd/anubis): compute full XFF header (#328)

* feat(cmd/anubis): compute full XFF header

this one is pretty important to not pass
through blindly, as many applications and
frameworks will trust them

* feat(cmd/anubis): skip XFF compute if remote address is loopback

* docs: update CHANGELOG
---
 docs/docs/CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

(limited to 'docs')

diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
index fa538e1..71cc42a 100644
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@@ -28,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added documentation on how to use Anubis with Traefik in Docker
 - Improved error handling in some edge cases
 - Disable `generic-bot-catchall` rule because of its high false positive rate in real-world scenarios
+- Set or append to `X-Forwarded-For` header unless the remote connects over a loopback address [#328](https://github.com/TecharoHQ/anubis/issues/328)
 
 ## v1.16.0
 
-- 
cgit v1.2.3