Mark's Blog

Don't trust the first item in the X-Forwarded-For header

Any security-related use of X-Forwarded-For (such as for rate limiting or IP-based access control) must only use IP addresses added by a trusted proxy. Using untrustworthy values can result in rate-limiter avoidance, access-control bypass, memory exhaustion, or other negative security or availability consequences.
-- MDN's X-Forwarded-For article

Short version:
* Do

I set up a blog. It was annoying.

Today I created this blog. It's hosted in AWS and runs on the free and open source version of Ghost - although if you take a glance at the Ghost homepage, you might not even realise that there is a free and open source version, given the prominent mentions of
