From 5f3b48e16d02ca3e5a75fc85a00b55c0643e557b Mon Sep 17 00:00:00 2001
From: Elvin Efendi
Date: Tue, 13 Nov 2018 10:31:52 +0400
Subject: [PATCH] breaking change: do not trust x-forwarded-* headers by default
---
 docs/user-guide/nginx-configuration/configmap.md | 2 +-
 internal/ingress/controller/config/config.go | 2 +-
 test/e2e/settings/geoip2.go | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md
index f2d9b1ddf..3b4e60742 100644
--- a/docs/user-guide/nginx-configuration/configmap.md
+++ b/docs/user-guide/nginx-configuration/configmap.md
@@ -106,7 +106,7 @@ The following table shows a configuration option's name, type, and the default v
 |[proxy-stream-timeout](#proxy-stream-timeout)|string|"600s"|
 |[proxy-stream-responses](#proxy-stream-responses)|int|1|
 |[bind-address](#bind-address)|[]string|""|
-|[use-forwarded-headers](#use-forwarded-headers)|bool|"true"|
+|[use-forwarded-headers](#use-forwarded-headers)|bool|"false"|
 |[forwarded-for-header](#forwarded-for-header)|string|"X-Forwarded-For"|
 |[compute-full-forwarded-for](#compute-full-forwarded-for)|bool|"false"|
 |[proxy-add-original-uri-header](#proxy-add-original-uri-header)|bool|"true"|
diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go
index 60444e5f3..001eebe52 100644
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@@ -588,7 +588,7 @@ func NewDefault() Configuration {
 EnableDynamicTLSRecords: true,
 EnableUnderscoresInHeaders: false,
 ErrorLogLevel: errorLevel,
- UseForwardedHeaders: true,
+ UseForwardedHeaders: false,
 ForwardedForHeader: "X-Forwarded-For",
 ComputeFullForwardedFor: false,
 ProxyAddOriginalURIHeader: true,
diff --git a/test/e2e/settings/geoip2.go b/test/e2e/settings/geoip2.go
index 325691b51..58f657aff 100644
--- a/test/e2e/settings/geoip2.go
+++ b/test/e2e/settings/geoip2.go
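Review bot: In internal/ingress/controller/config/config.go, the new `UseForwardedHeaders: false` entry in `NewDefault()` carries no comment saying why it is off, so a later reader cannot tell that this is a trust decision rather than a tuning default. I would add a line above it such as `// Off by default: X-Forwarded-* values are client-controlled unless a trusted proxy in front of the controller overwrites them.` The diffstat shows only the defaults-table row changing in configmap.md, so the descriptive `use-forwarded-headers` section presumably still does not say that the option should be enabled only behind a proxy that sets these headers itself; that guidance belongs with a breaking change like this one. `NewDefault()` starts and ends outside the hunk.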
@@ -45,6 +45,7 @@ var _ = framework.IngressNginxDescribe("Geoip2", func() { AU 0; }` f.UpdateNginxConfigMapData("http-snippet", httpSnippetAllowingOnlyAustralia) + f.UpdateNginxConfigMapData("use-forwarded-headers", "true") f.WaitForNginxConfiguration( func(cfg string) bool {
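Review bot: Nothing in this commit tests the new default itself; the only test change, the added `f.UpdateNginxConfigMapData("use-forwarded-headers", "true")` line, opts the Geoip2 case back into the old behaviour. An e2e case that leaves the setting unset, sends a request carrying an `X-Forwarded-For` value and asserts that the value is not used as the client address would keep the default from regressing unnoticed. The added line would also read better with a comment, for example `// this test needs forwarded headers honored; they are ignored by default`, which is inferred from the fact that the line had to be added. The `Describe` closure continues outside the hunk, so the request code itself is not visible here.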