New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
You are here: Foswiki>Tasks Web>Item14380 (11 Mar 2018, GeorgeClark)Edit Attach

Item14380: Foswiki should have option to use X-Forwarded-For to determine Client IP in reverse proxy configuration.

Priority: Enhancement
Current State: Waiting for Release
Released In: 2.2.0
Target Release: minor
Applies To: Engine
Component: FoswikiEngine
Branches: master Item14288 Item14380 Item14537
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
In proxy configurations, the Foswiki events log will only contain the proxy server's IP address, anonymizing the clients.

The X-Forwarded-For header will often contain the real client IP in a proxy configuration.

See Wikipedia:X-Forwarded-For

-- GeorgeClark - 19 Apr 2017

Implemented as a new Proxies option: {PROXY}{UseForwardedForHeader}

-- Main.GeorgeClark - 14 May 2017 - 18:26

See also Item14544

-- GeorgeClark - 27 Nov 2017

Re-opening this to work on for 2.1.5. Since the code already processes the Forwarding headers - incorrectly - this really is a bugfix. It needs to support: X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port and X-Forwarded-Proto which may be present.

-- GeorgeClark - 27 Nov 2017
Topic revision: r16 - 11 Mar 2018, GeorgeClark - This page was cached on 22 Mar 2018 - 08:20.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License