Avoid trust-all Gin reverse proxy settings | Critiq Docs

#Metadata

Rule ID: go.security.gin-trust-all-proxies
Severity: high
Confidence: 0.86
Languages: go
Presets: security, strict
Stability: experimental
Applies to: block
Tags: gin, go, rules-catalog, security

#Why it matters

Trusting every proxy allows clients to forge client IP headers and bypass IP-based controls or auditing.

#Remediation

Replace catch-all trusted proxy lists with explicit CIDRs for your ingress tier and document the expected hop count.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/go/go.security.gin-trust-all-proxies.rule.yaml.

Back to directory Open rule in repository