
Security: trust_header overwrites req.RemoteAddr globally #4

@adryd325

Description


When trust_header is configured, req.RemoteAddr is overwritten. This allows spoofing the remote address in subsequent checks.

In the example, the {remote_host} variable is changed.

geo_ip {
        db_path /var/lib/GeoIP/GeoLite2-City.mmdb
        trust_header X-Forwarded-For   # client-supplied header value replaces req.RemoteAddr
}

respond /test 200 {
        body "Remote Address:{remote_host}"   # echoes the (now spoofable) remote host
}

This allows bypassing IP range restrictions, bypassing the trusted_proxy directive in reverse_proxy, and bypassing any other restrictions or checks that use req.RemoteAddr.
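The following is an added illustration of the failure mode in the report, written as a plain net/http middleware; it is not the geo_ip plugin's code and does not use Caddy's APIs. `TrustHeaderUnsafe` reproduces the behaviour the issue describes (the header value replaces `r.RemoteAddr` for every later handler), and `TrustHeaderSafe` is the hypothetical hardened form: the header is honoured only when the TCP peer is in an assumed trusted-proxy range, and the resolved IP is published in the request context instead of overwriting `RemoteAddr`. The peer address 203.0.113.5, the spoofed header 10.0.0.1, the allowlist 10.0.0.0/8 and the proxy range 192.0.2.0/24 are constructed fixtures.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ctxKey is where the hardened middleware publishes the resolved client IP,
// so later handlers can read it without RemoteAddr being touched.
type ctxKey struct{}

// ResolvedClientIP returns the IP stored by the hardened middleware, falling
// back to the transport peer address when nothing was stored.
func ResolvedClientIP(r *http.Request) string {
	if ip, ok := r.Context().Value(ctxKey{}).(string); ok {
		return ip
	}
	return hostOnly(r.RemoteAddr)
}

// hostOnly strips the port from "ip:port"; unchanged input if there is no port.
func hostOnly(addr string) string {
	if host, _, err := net.SplitHostPort(addr); err == nil {
		return host
	}
	return addr
}

// firstHeaderIP takes the leftmost entry of a comma-separated proxy header
// (X-Forwarded-For style). Returns "" if absent or not a valid IP.
func firstHeaderIP(r *http.Request, header string) string {
	v := r.Header.Get(header)
	if v == "" {
		return ""
	}
	ip := strings.TrimSpace(strings.Split(v, ",")[0])
	if net.ParseIP(ip) == nil {
		return ""
	}
	return ip
}

// TrustHeaderUnsafe: the pattern the issue describes. Whatever the header says
// replaces RemoteAddr for every handler that runs afterwards.
func TrustHeaderUnsafe(header string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ip := firstHeaderIP(r, header); ip != "" {
			r.RemoteAddr = ip + ":0" // visible to every later RemoteAddr check
		}
		next.ServeHTTP(w, r)
	})
}

// TrustHeaderSafe (hypothetical hardened form): honour the header only when the
// TCP peer is a trusted proxy, and never mutate RemoteAddr.
func TrustHeaderSafe(header string, trustedProxies []*net.IPNet, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		resolved := hostOnly(r.RemoteAddr)
		if ipInAny(net.ParseIP(resolved), trustedProxies) {
			if ip := firstHeaderIP(r, header); ip != "" {
				resolved = ip
			}
		}
		ctx := context.WithValue(r.Context(), ctxKey{}, resolved)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

func ipInAny(ip net.IP, nets []*net.IPNet) bool {
	if ip == nil {
		return false
	}
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// mustCIDR parses a fixed fixture CIDR or panics.
func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// Simulate runs one constructed request (peer 203.0.113.5, spoofed
// X-Forwarded-For: 10.0.0.1) through either middleware and then through a
// downstream allowlist (10.0.0.0/8) that keys on RemoteAddr, as the checks
// named in the issue do. Returns whether the allowlist passed and the IP the
// "geo" layer resolved.
func Simulate(useSafe bool) (allowed bool, resolvedIP string) {
	allowlist := mustCIDR("10.0.0.0/8")
	trusted := []*net.IPNet{mustCIDR("192.0.2.0/24")} // assumed real proxy range
	downstream := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		allowed = allowlist.Contains(net.ParseIP(hostOnly(r.RemoteAddr)))
		resolvedIP = ResolvedClientIP(r)
		w.WriteHeader(http.StatusOK)
	})
	var h http.Handler
	if useSafe {
		h = TrustHeaderSafe("X-Forwarded-For", trusted, downstream)
	} else {
		h = TrustHeaderUnsafe("X-Forwarded-For", downstream)
	}
	req := httptest.NewRequest(http.MethodGet, "/test", nil)
	req.RemoteAddr = "203.0.113.5:44321"
	req.Header.Set("X-Forwarded-For", "10.0.0.1")
	h.ServeHTTP(httptest.NewRecorder(), req)
	return allowed, resolvedIP
}

func main() {
	for _, safe := range []bool{false, true} {
		allowed, ip := Simulate(safe)
		fmt.Printf("safe=%v allowlist_passed=%v resolved_ip=%s\n", safe, allowed, ip)
	}
}
```

With the unsafe middleware the attacker's spoofed header passes the 10.0.0.0/8 allowlist even though the connection came from 203.0.113.5; with the hardened form the allowlist still sees the real peer, and the geo layer only resolves to the header value when the peer is one of the configured proxies.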
