astelm/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-05-23 04:01:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Harden overload auth scans and masking safeguards

Browse Source
This commit is contained in:
sabraman
2026-04-09 01:14:15 +03:00
parent 731619bfaa
commit 06eb112efd
9 changed files with 349 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/Config_params/CONFIG_PARAMS.en.md
View File

@@ -1942,7 +1942,7 @@ This document lists all configuration keys accepted by `config.toml`.
<a id="cfg-server-proxy_protocol_trusted_cidrs"></a>
- `proxy_protocol_trusted_cidrs`
- **Constraints / validation**: `IpNetwork[]`.
- If omitted, defaults to trust-all CIDRs (`0.0.0.0/0` and `::/0`).
- If omitted, defaults to an empty list and incoming PROXY headers are rejected.
- If explicitly set to an empty array, all PROXY headers are rejected.
- **Description**: Trusted source CIDRs allowed to provide PROXY protocol headers (security control).
- **Example**:
@@ -3297,4 +3297,3 @@ If your backend or network is very bandwidth-constrained, reduce cap first. If p
password = "secret"
```