Securely Configuring Nginx with Real IP for Private Network Access

Hello Render Community,

I’m working on setting up a web application on Render’s infrastructure, and I need to ensure that the instance is only accessible via our corporate VPN. To achieve this, I have configured an nginx proxy server to forward HTTP(S) traffic to my application server. My application server is on a Render private network.

I’m facing a challenge with the X-Forwarded-For header, which can be forged, potentially allowing unauthorized access to the application. I understand that I need to configure the set_real_ip_from directive in my nginx configuration to only trust the X-Forwarded-For header when it comes from Render’s load balancers.

I am looking for alternative solutions or best practices to ensure the security of my setup. Are there any recommended methods or configurations for securing the X-Forwarded-For header or other ways to restrict access to my application to only users connected to our corporate VPN?

I appreciate any guidance or suggestions that the community can provide. If you need further information or clarification, please let me know.

Thank you in advance for your assistance!
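Added example, not part of the original post and not Render's or nginx's own code: a Python model of the right-to-left X-Forwarded-For walk that nginx documents for `set_real_ip_from` combined with `real_ip_recursive on`, next to a naive check that trusts the leftmost entry. The CIDR ranges and function names are constructed placeholders, and the load balancer is assumed to append the address it saw to the header.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges), not Render's real
# load-balancer addresses and not a real VPN egress range.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]
VPN_EGRESS = [ipaddress.ip_network("198.51.100.0/24")]

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def resolve_client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """Model of set_real_ip_from with real_ip_recursive on: consult the header
    only when the TCP peer is a trusted proxy, read it right to left, and stop
    at the first address that is not itself a trusted proxy."""
    peer_ip = ipaddress.ip_address(peer)
    if not _in_any(peer_ip, trusted):
        return peer_ip  # header sent by an untrusted peer is ignored
    candidate = peer_ip
    for raw in reversed([p.strip() for p in xff.split(",") if p.strip()]):
        try:
            candidate = ipaddress.ip_address(raw)
        except ValueError:
            return peer_ip  # this sketch's choice: malformed entry, keep the peer
        if not _in_any(candidate, trusted):
            break
    return candidate

def is_allowed(peer, xff, allowed=VPN_EGRESS):
    return _in_any(resolve_client_ip(peer, xff), allowed)

def naive_is_allowed(xff, allowed=VPN_EGRESS):
    """Weak check shown for contrast: trusts the leftmost, client-supplied entry."""
    return _in_any(ipaddress.ip_address(xff.split(",")[0].strip()), allowed)

# Constructed requests: (TCP peer, X-Forwarded-For as received by nginx).
# Assumes the load balancer appends the address it saw to the header.
SAMPLES = {
    "vpn user via load balancer": ("203.0.113.10", "198.51.100.7"),
    "forged entry via load balancer": ("203.0.113.10", "198.51.100.7, 192.0.2.55"),
    "direct connection with header": ("192.0.2.55", "198.51.100.7"),
}

if __name__ == "__main__":
    for name, (peer, xff) in SAMPLES.items():
        print(f"{name}: client={resolve_client_ip(peer, xff)} "
              f"allowed={is_allowed(peer, xff)} naive={naive_is_allowed(xff)}")
```

The model only holds if nginx cannot be reached by any path that skips the trusted proxies, since the trust decision rests on the TCP peer address.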

Hi Ryan,

We’ll continue to discuss this in the support ticket you have open and document any learnings here.

Regards,

Matt
