DokuWiki

It's better when it's simple

User Tools

Site Tools


Sidebar

Translations of this page?:

Learn about DokuWiki

Advanced Use

Corporate Use

Our Community


Follow us on Facebook, Twitter and other social networks.

Our Privacy Policy

config:trustedproxy

Configuration Setting: trustedproxy

DokuWiki uses the requesting IP address for logging anonymous edits, locking pages, and signing auth cookies etc.

When running it behind a reverse proxy, the directly requesting IP is always the proxy address which is useless for the mentioned purpose. Instead the HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP headers are used to determine the original IP address.

Starting Hogfather, this header is only trusted if the request is coming from an IP matching the regular expression in this config option, to avoid that malicious users spoof this header. Before Hogfather, the code had some check against local IP address, but the behavior was non-standard and not secure enough.

The default value trusts local network IPs only. Emptying this setting will make DokuWiki never trust the forward headers.

  • Type: String
  • Default: ^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)

See also

config/trustedproxy.txt · Last modified: 2020-11-15 23:25 by phy25