Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add support for X-Forwarded-For header to log correct client IP when behind a proxy #998

Open
rlljorge opened this issue Oct 4, 2024 Discussed in #994 · 1 comment
Open
Milestone

Comments

@rlljorge
Copy link

rlljorge commented Oct 4, 2024

Discussed in #994

Originally posted by rlljorge September 28, 2024
Hello,

I’m using the self-service-password tool behind a proxy, and I noticed that the audit logs are showing the proxy’s IP address instead of the client’s real IP. Many applications support reading the X-Forwarded-For header in such scenarios to correctly log the client’s original IP.

Would it be possible to add native support for this feature?

For example, in the configuration file (config.inc.php), a new option could be added to enable this functionality, something like:

$use_forwarded_for = true;

And the system could then check if the X-Forwarded-For header exists and use that for logging the client’s IP.

if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

Best Regards,

Rodrigo

@coudot coudot added this to the 1.8.0 milestone Oct 29, 2024
@click0
Copy link
Contributor

click0 commented Jan 14, 2025

There are also headers CF-Connecting-IP, CF-Connecting-IPv6 and others.
They are described here and here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants