From 4fa549c570194e2aaa8d3bc75b5faf9c604e0fda Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Thu, 12 Apr 2018 00:09:35 +0200
Subject: [PATCH] Disable direct access through frontend nginx in /reset/mail/

---
 web/reset/mail/index.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php
index 060958ba..f09c198f 100644
--- a/web/reset/mail/index.php
+++ b/web/reset/mail/index.php
@@ -22,6 +22,7 @@ foreach ($arr as $arr_key => $arr_val) {
 if ($ip == $_SERVER['SERVER_ADDR']) $ok=1;
 if ($ip == '127.0.0.1') $ok=1;
 if ($ok==0) exit;
+if (isset($_SERVER['HTTP_X_REAL_IP']) || isset($_SERVER['HTTP_X_FORWARDED_FOR'])) exit;
 
 //
 // sourceforge.net/projects/postfixadmin/