Feature Proposal: Optionally get client IP from the X-Forwarded-For header.


When Foswiki is behind a Web Proxy, Load Balancer, or other appliances, Foswiki will only see the proxy server's IP address. This breaks IP Matching in sessions, masks the logs, and breaks plugins like BlackListPlugin.

Description and Documentation

Add a configuration parameter {PROXY}{ClientFromXForwardedFor} If enabled, Engine::CGI should parse the X-Forwarded-For, extract the Client IP and use it instead of the REMOTE_ADDR address when setting the query->remoteAddress

Also need to review any internal direct access to the REMOTE_ADDR environment variable.





-- Contributors: GeorgeClark - 19 Apr 2017


Looks to be pretty simple change to the Engine implementations. I'll just commit into master, as it will be disabled by default and is testing fine with mod_perl and CGI. Setting to merged.

Currently I have a Configure checker put up a warning if it detects a proxy. Should bootstrap automatically enable the header processing if it discovers foswiki is behind a proxy?

-- GeorgeClark - 14 May 2017

This feature is much too important not to release it ASAP. Basically we cannot use Foswiki behind a reverse proxy ... which is very much best practice deploying Foswiki using Docker.

I will backport it to the 2.1.8er release.

-- MichaelDaum - 24 Feb 2023
Topic revision: r4 - 24 Feb 2023, MichaelDaum
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy