Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 01330ec25d
Fetching contributors…

Cannot retrieve contributors at this time

76 lines (62 sloc) 2.469 kb
__NAME__ purpose
designate certain IP addresses or hostnames as trusted HTTP proxies
__NAME__ see also
__NAME__ synopsis
<arg choice='plain' rep='repeat'><replaceable>hostname</replaceable></arg>
__NAME__ description
The directive
allows &IC; administrator to designate certain IP addresses or hostnames
as trusted HTTP proxies, whose claims (via the
environment variable set by the web server) about the original requesting
host will be assumed truthful and accurate.
For example, if you are using a front-end proxy for &IC;, all requests will
appear to come from the proxy address (say, <literal></literal> if
on the same machine). In turn, all clients will appear as having the same
source IP address (much like if you enabled &conf-WideOpen;). Under such
circumstances, user session hijacking becomes trivial enough that it can even
happen by accident (if, say, someone copies an URL that includes his/her
session cookie and gives it to others to visit &mdash; they all will end up
having the same user info and shopping cart!).
Having said the above, &conf-TrustProxy; takes a comma-separated list of
IP addresses and/or hostnames (globbing possible - see examples) that are
trusted proxies and whose value of <envar>HTTP_X_FORWARDED_FOR</envar>
should be used as request source instead of the actual IP directly.
__NAME__ notes
"Globs" are <literal>*</literal> and <literal>?</literal>. The
<literal>*</literal> stands for any number of characters (including none), while
<literal>?</literal> stands for 1 character exactly.
The directive could, in general, be also used with external, untrusted HTTP
proxies (which you can only hope aren't lying) by using a <literal>*</literal>
glob (see examples).
Note that the environment variables are not modified in any way; only
&IC;'s idea of the remote host is altered, as you see with
<code>[data session host]</code>.
__NAME__ missing
__NAME__ example: Defining TrustProxy
__NAME__ example: Defining TrustProxy with "glob" values
TrustProxy 127.0.0.? 10.0.* 192.168.?.1
__NAME__ example: Trusting all external proxies (a bad idea generally)
TrustProxy *
Jump to Line
Something went wrong with that request. Please try again.