fix(security): rate limiting based on REMOTE_ADDR only
All checks were successful
Deploy / Deploy to Production (push) Successful in 21s
X-Forwarded-For is a spoofable client header; REMOTE_ADDR is the TCP IP.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
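The commit message's point, plus the trusted-proxy handling a practitioner usually wants next to it, as an added PHP example that is not code from this repository: the forwarded header is honoured only when the TCP peer is one of our own proxies, and then the chain is walked from the right so that values a client prepends are ignored. `TRUSTED_PROXIES`, the function names and the request arrays are assumptions made for the demo.

```php
<?php
// Added example (not part of the repository): resolve the client IP by
// trusting X-Forwarded-For only when the TCP peer (REMOTE_ADDR) is a known
// proxy. TRUSTED_PROXIES is a hypothetical list chosen for this demo.
declare(strict_types=1);

const TRUSTED_PROXIES = ['10.0.0.0/8', '127.0.0.1/32'];

// Binary CIDR match for both IPv4 and IPv6 via inet_pton.
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = inet_pton($ip);
    $netBin = inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $bits      = $bits === null ? strlen($ipBin) * 8 : (int)$bits;
    $fullBytes = intdiv($bits, 8);
    $remBits   = $bits % 8;
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    if ($remBits === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $remBits)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

function isTrustedProxy(string $ip): bool
{
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

/**
 * If REMOTE_ADDR is not a trusted proxy, the request came straight from the
 * client and any X-Forwarded-For it carries is client-controlled: ignore it.
 * Otherwise walk the header from the right (the hop our proxy appended)
 * towards the left and return the first address that is not one of our
 * proxies. Anything further left was supplied by the client and is dropped.
 */
function clientIp(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? 'unknown';
    if (!isTrustedProxy($peer)) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    $hops = array_filter($hops, fn ($h) => filter_var($h, FILTER_VALIDATE_IP) !== false);
    foreach (array_reverse($hops) as $hop) {
        if (!isTrustedProxy($hop)) {
            return $hop;
        }
    }
    // Header empty or made only of our own proxies: fall back to the peer.
    return $peer;
}

// Constructed requests for the demo (all addresses are documentation ranges).
$direct   = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'];
$viaProxy = ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 10.0.0.9'];
$forged   = ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.1, 10.0.0.9'];

echo clientIp($direct), "\n";   // 203.0.113.7  (spoofed header from an untrusted peer ignored)
echo clientIp($viaProxy), "\n"; // 198.51.100.1 (real client behind our proxy chain)
echo clientIp($forged), "\n";   // 198.51.100.1 (client-prepended 192.0.2.1 ignored)

// The rate-limit key then keys on the resolved client, not on the proxy:
$cacheKey = 'wp-dl-' . md5(clientIp($forged));
```

Without a proxy in front of PHP this reduces to the commit's `REMOTE_ADDR` behaviour; with one, it avoids collapsing every visitor into the proxy's single bucket.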
This commit is contained in:
parent
1ee0a4e640
commit
3499fd0d34
1 changed file with 1 addition and 1 deletion
@ -25,7 +25,7 @@ return [
}
// ── Rate limiting (5 req / hour / IP) ─────────────────────
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$cacheKey = 'wp-dl-' . md5($ip);
$cache = kirby()->cache('pages');
$hits = (int)($cache->get($cacheKey) ?? 0);
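Review bot: the swap from `HTTP_X_FORWARDED_FOR` to `REMOTE_ADDR` is only correct if PHP terminates the TCP connection itself; the workflow name "Deploy to Production" suggests a deployed setup, and if that deploy sits behind a reverse proxy or CDN, `REMOTE_ADDR` is the proxy's address, so every visitor lands in the same `wp-dl-` bucket and the 5 req/hour limit becomes global rather than per client. If a proxy is in front, take the client from X-Forwarded-For only when `REMOTE_ADDR` is a known proxy (rightmost untrusted hop), and note that the retained `?? 'unknown'` fallback likewise folds every request lacking `REMOTE_ADDR` into one shared key.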