Skip to content

[Bug] Server ip address leaked when behind a proxy. #2142

New issue
New issue
Open
#5381
Open
[Bug] Server ip address leaked when behind a proxy.#2142
#5381
Labels
bugSomething isn't workingexempt-staleExempt the issue from staling
@moom0o

Description

@moom0o
moom0o
opened on Jun 10, 2021

Describe the bug
Bad actors can easily get the backend server ip by logging the web requests. This in turn can allow bad actors to easily ddos the backend server.

Steps to Reproduce

  1. Click on a random video
  2. Press F12
  3. Go to network
  4. Click play
  5. Find a web request to googlevideo.com
  6. The ip is located in the request url, making cloudflare/other ddos protection services useless.

Screenshots
Image
Another request
Additional context

  • Browser (if applicable): Brave 1.25.70
  • OS (if applicable): Windows 10 Pro 20H2

Is there any important reason why the server ip address needs to be sent in a request, or can this easily be removed?
Thanks.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingexempt-staleExempt the issue from staling

    Type

    No type

    Projects

    Todo - Invidious

    Status

    To Do - Administration misc

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions