DokuWiki uses the requesting IP address for logging anonymous edits, locking pages etc.

When running it behind a reverse proxy, the directly requesting IP is always the proxy address which is useless for the mentioned purpose. Instead the HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP headers are used to determine the original IP address.

Starting Hogfather, this header is only trusted if the request is coming from an IP matching the regular expression in this config option, to avoid that malicious users spoof this header. Before Hogfather, any HTTP request with this header will be trusted.

The default value trusts local network IPs only. Emptying this setting will make DokuWiki never trust the forward headers.

• Type: String
• Default: ^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)

• Configuring DokuWiki
• IP Banning Plugin
• 2828