Configuration Setting: trustedproxy
DokuWiki uses the requesting IP address for logging anonymous edits, locking pages, and signing auth cookies etc.
When running it behind a reverse proxy, the directly requesting IP is always the proxy address which is useless for the mentioned purpose. Instead the HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP headers are used to determine the original IP address.
Starting Hogfather, this header is only trusted if the request is coming from an IP matching the regular expression in this config option, to avoid that malicious users spoof this header. Before Hogfather, the code had some check against local IP address, but the behavior was non-standard and not secure enough.
The default value trusts local network IPs only. Emptying this setting will make DokuWiki never trust the forward headers.
- Type: String
- Default:
^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)