Harden overload auth scans and masking safeguards

sabraman
2026-04-09 01:14:15 +03:00
parent 5f5a3e3fa0
commit d3b0dbd541
9 changed files with 358 additions and 44 deletions

@@ -1807,8 +1807,7 @@ This document lists all configuration keys accepted by `config.toml`.
```
## proxy_protocol_trusted_cidrs
- **Constraints / validation**: `IpNetwork[]`.
- If omitted, defaults to trust-all CIDRs (`0.0.0.0/0` and `::/0`).
> In production behind HAProxy/nginx, prefer setting explicit trusted CIDRs instead of relying on this fallback.
- If omitted, defaults to an empty list and incoming PROXY headers are rejected.
- If explicitly set to an empty array, all PROXY headers are rejected.
- **Description**: Trusted source CIDRs allowed to provide PROXY protocol headers (security control).
- **Example**:
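Review bot: The new default bullet ("If omitted, defaults to an empty list and incoming PROXY headers are rejected") flips the omitted-key behaviour from trust-all to reject-all, yet the section carries no upgrade note for deployments behind HAProxy/nginx that never set `proxy_protocol_trusted_cidrs`. Per the documented behaviour, PROXY headers from their load balancer will now be rejected. Suggest adding one line stating that operators behind a proxy must list its source CIDRs explicitly, which also preserves the guidance of the removed production note. The "If omitted" and "If explicitly set to an empty array" bullets now describe the same outcome and could be merged into a single bullet.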
@@ -3063,5 +3062,3 @@ If your backend or network is very bandwidth-constrained, reduce cap first. If p
username = "alice"
password = "secret"
```