Problem
Program.cs clears KnownIPNetworks and KnownProxies, so X-Forwarded-For and X-Forwarded-Proto are accepted from any client. Rate limiting partitions on RemoteIpAddress, which is affected by forwarded headers.
Impact
If Kestrel is exposed directly, a caller can spoof X-Forwarded-For to bypass per-IP rate limits and spoof X-Forwarded-Proto to affect HTTPS-sensitive behavior.
References
api/ApplyTrack.Api/Program.cs — ForwardedHeadersOptions and rate-limit partitioning
Acceptance criteria
- Production mode supports configured
KnownProxies / KnownIPNetworks.
- Untrusted direct requests cannot spoof rate-limit partition IPs.
- Local/dev reverse-proxy behavior remains documented and easy to enable.
- Tests cover forwarded headers from trusted and untrusted sources if practical under TestServer.
Problem
Program.csclearsKnownIPNetworksandKnownProxies, soX-Forwarded-ForandX-Forwarded-Protoare accepted from any client. Rate limiting partitions onRemoteIpAddress, which is affected by forwarded headers.Impact
If Kestrel is exposed directly, a caller can spoof
X-Forwarded-Forto bypass per-IP rate limits and spoofX-Forwarded-Prototo affect HTTPS-sensitive behavior.References
api/ApplyTrack.Api/Program.cs—ForwardedHeadersOptionsand rate-limit partitioningAcceptance criteria
KnownProxies/KnownIPNetworks.