stop using X-Forwarded-For header for determining real_ip

lifeforms · lifeforms · commit 08ed24e4857d · 2017-05-09T13:51:53.000+02:00
diff --git a/rules/REQUEST-901-INITIALIZATION.conf b/rules/REQUEST-901-INITIALIZATION.conf
@@ -241,25 +241,7 @@ SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \
   nolog, \
   pass"
 
-SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \
-  "id:901319, \
-  phase:1, \
-  t:none, \
-  capture, \
-  setvar:tx.real_ip=%{tx.1}, \
-  nolog, \
-  pass"
-
-SecRule &TX:REAL_IP "!@eq 0" \
-  "id:901320, \
-  phase:1, \
-  t:none, \
-  initcol:global=global, \
-  initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \
-  nolog, \
-  pass"
-
-SecRule &TX:REAL_IP "@eq 0" \
+SecAction \
   "id:901321, \
   phase:1, \
   t:none, \
