From a83253f3d7a4d423d2bfdf522205daacd8ee868e Mon Sep 17 00:00:00 2001
From: RPRX <63339210+RPRX@users.noreply.github.com>
Date: Sun, 23 Nov 2025 04:23:48 +0000
Subject: [PATCH] VLESS Reverse Proxy: Forbid reverse-proxy UUID using
 forward-proxy, enabled by default

https://t.me/projectXtls/1070

https://github.com/XTLS/Xray-core/pull/5101#issuecomment-3567464144
---
 proxy/vless/inbound/inbound.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go
index 277ab068..89ed0e72 100644
--- a/proxy/vless/inbound/inbound.go
+++ b/proxy/vless/inbound/inbound.go
@@ -538,6 +538,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 
 	account := request.User.Account.(*vless.MemoryAccount)
 
+	if account.Reverse != nil && request.Command != protocol.RequestCommandRvs {
+		return errors.New("for safety reasons, user " + account.ID.String() + " is not allowed to use forward proxy")
+	}
+
 	responseAddons := &encoding.Addons{
 		// Flow: requestAddons.Flow,
 	}