Motivation
When Foswiki is behind a Web Proxy, Load Balancer, or other appliances, Foswiki will only see the proxy server's IP address. This breaks IP Matching in sessions, masks the logs, and breaks plugins like
BlackListPlugin.
Description and Documentation
Add a configuration parameter
{PROXY}{ClientFromXForwardedFor}
If enabled, Engine::CGI should parse the X-Forwarded-For, extract the Client IP and use it instead of the REMOTE_ADDR address when setting the
query->remoteAddress
Also need to review any internal direct access to the REMOTE_ADDR environment variable.
Examples
Impact
Implementation
--
Contributors: GeorgeClark - 19 Apr 2017
Discussion
Looks to be pretty simple change to the Engine implementations. I'll just commit into master, as it will be disabled by default and is testing fine with mod_perl and CGI. Setting to merged.
Currently I have a Configure checker put up a warning if it detects a proxy. Should bootstrap automatically enable the header processing if it discovers foswiki is behind a proxy?
--
GeorgeClark - 14 May 2017
This feature is much too important not to release it ASAP. Basically we cannot use Foswiki behind a reverse proxy ... which is very much best practice deploying Foswiki using Docker.
I will backport it to the 2.1.8er release.
--
MichaelDaum - 24 Feb 2023