Details
-
Task
-
Resolution: Fixed
-
None
-
High
-
Add a new configuration value to enable the usage of IP authentication behind a local proxy.
-
Empty show more show less
Description
problem
In dockerized setups translate5 is reached via a proxy, normally a nginx. Therefore the REMOTE_ADDR evaluated by PHP is always the IP of the nginx server. The real IP is placed in another variable.
resolution
- Investigate if the real IP is always in $_SERVER['HTTP_X_REAL_IP'] or is this only the case for nginx
- Introduce a config to the ipauth plugin that the HTTP_X_REAL_IP should be used instead of the ordinare REMOTE_ADDR
- Investigate if the IP for the HTTP_X_REAL_IP header can be spoofed somehow - by adding such a header in the orginal request or so.