Allow X-Forwarded-For header for proxies or load balancers

Version 1.5


Option to internally set the client IP to the value set in the X-Forwarded-For header, which is useful if you're using a proxy or load balancer in front of DirectAdmin.

New directadmin.conf option: x_forwarded_from_ip= which is internally NULL by default (feature is off).

If you use an Apache proxy to DA, eg: then you might want to enable this feature, by setting the above option to the IP or list of IPs that are allowed to set the X-Forwarded-For header.

The value should be an IP or list of IPs separated by colons, eg: x_forwarded_from_ip= or x_forwarded_from_ip= where they should be any IP that you trust that is going to set the X-Forwarded-For header.

If the incoming IP is not one of these x_forwarded_from_ip IPs, then DA will not check for the header. If the incoming IP matches one of them, and there is such a header, then DA will internally set the incoming client IP to be that value (X-Forwarded-For).

After some testing, DA will not swap out the X-Forwarded-Host value, because it confuses the proxy, and doesn't remove :2222 in our redirects, causing the User to be sent to 2222, even if they're using a proxy on 80 or 443.

Keep in mind that this feature will not work in every case. For example, the DA IP blacklist is checked before the headers are read in, so the feature won't work for the block itself. Most other areas, like the actual count of failed logins (and adding the true client IP to the blacklist), will still work, but in the case of the IP blacklist the client won't actually be blocked, due to the IP mismatch.

Everything else should show the correct X-Forwarded-For IP address, such as logs, tokens, plugins, scripts, etc.
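The decision order described above, modelled as an added example (this is not DirectAdmin's code). The function names, the dict-based header lookup and all IP addresses are assumptions made for illustration; the addresses are constructed documentation ranges.

```python
# Added illustration: a model of the behaviour described on this page,
# not DirectAdmin source. All IPs are constructed (RFC 5737 ranges).

def parse_trusted(conf_value):
    """Split the colon-separated x_forwarded_from_ip value.
    An empty or missing value yields an empty set (feature off)."""
    return {ip.strip() for ip in (conf_value or "").split(":") if ip.strip()}

def effective_client_ip(peer_ip, headers, trusted):
    """Return the IP to treat as the client.
    The header is honoured only when the connecting peer is trusted."""
    if peer_ip not in trusted:
        return peer_ip              # header is not checked at all
    xff = headers.get("X-Forwarded-For", "").strip()
    return xff or peer_ip           # no header: keep the peer IP

def handle_request(peer_ip, headers, trusted, blacklist):
    """Model the ordering caveat: the blacklist is checked against the
    connecting IP before the headers are read."""
    if peer_ip in blacklist:
        return ("blocked", peer_ip)
    return ("allowed", effective_client_ip(peer_ip, headers, trusted))

if __name__ == "__main__":
    trusted = parse_trusted("192.0.2.10:192.0.2.11")   # constructed proxy IPs
    hdr = {"X-Forwarded-For": "203.0.113.7"}           # constructed client IP

    # Request through a trusted proxy: the header value becomes the client IP.
    print(effective_client_ip("192.0.2.10", hdr, trusted))
    # Direct request from an untrusted IP sending the same header: ignored.
    print(effective_client_ip("198.51.100.5", hdr, trusted))
    # True client IP is blacklisted, but the check saw the proxy IP.
    print(handle_request("192.0.2.10", hdr, trusted, {"203.0.113.7"}))
```

The last call shows why a blacklisted client behind the proxy is still let through: enforcement for proxied clients has to happen at the proxy or load balancer itself.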
