It's better when it's simple

User Tools

Site Tools


Configuration Setting: trustedproxy

DokuWiki uses the requesting IP address for logging anonymous edits, locking pages, and signing auth cookies etc.

When running it behind a reverse proxy, the directly requesting IP is always the proxy address which is useless for the mentioned purpose. Instead the HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP headers are used to determine the original IP address.

Starting Hogfather, this header is only trusted if the request is coming from an IP matching the regular expression in this config option, to avoid that malicious users spoof this header. Before Hogfather, the code had some check against local IP address, but the behavior was non-standard and not secure enough.

The default value trusts local network IPs only. Emptying this setting will make DokuWiki never trust the forward headers.

  • Type: String
  • Default: ^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)

See also

config/trustedproxy.txt · Last modified: 2022-12-10 00:53 by Klap-in

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki