Commit 629a4dea authored by webchick's avatar webchick

Issue #1310250 by joelcollinsdc: Fixed Improve reverse proxy ip address...

Issue #1310250 by joelcollinsdc: Fixed Improve reverse proxy ip address handing commenting and documentation.
parent 362be767
......@@ -322,41 +322,49 @@
# $conf['maintenance_theme'] = 'bartik';
/**
* Enable this setting to determine the correct IP address of the remote
* client by examining information stored in the X-Forwarded-For headers.
* X-Forwarded-For headers are a standard mechanism for identifying client
* systems connecting through a reverse proxy server, such as Squid or
* Pound. Reverse proxy servers are often used to enhance the performance
* Reverse Proxy Configuration:
*
* Reverse proxy servers are often used to enhance the performance
* of heavily visited sites and may also provide other site caching,
* security or encryption benefits. If this Drupal installation operates
* behind a reverse proxy, this setting should be enabled so that correct
* IP address information is captured in Drupal's session management,
* logging, statistics and access management systems; if you are unsure
* about this setting, do not have a reverse proxy, or Drupal operates in
* a shared hosting environment, this setting should remain commented out.
* security, or encryption benefits. In an environment where Drupal
* is behind a reverse proxy, the real IP address of the client should
* be determined such that the correct client IP address is available
* to Drupal's logging, statistics, and access management systems. In
* the most simple scenario, the proxy server will add an
* X-Forwarded-For header to the request that contains the client IP
* address. However, HTTP headers are vulnerable to spoofing, where a
* malicious client could bypass restrictions by setting the
* X-Forwarded-For header directly. Therefore, Drupal's proxy
* configuration requires the IP addresses of all remote proxies to be
* specified in $conf['reverse_proxy_addresses'] to work correctly.
*
* Enable this setting to get Drupal to determine the client IP from
* the X-Forwarded-For header (or $conf['reverse_proxy_header'] if set).
* If you are unsure about this setting, do not have a reverse proxy,
* or Drupal operates in a shared hosting environment, this setting
* should remain commented out.
*
* In order for this setting to be used you must specify every possible
* reverse proxy IP address in $conf['reverse_proxy_addresses'].
* If a complete list of reverse proxies is not available in your
* environment (for example, if you use a CDN) you may set the
* $_SERVER['REMOTE_ADDR'] variable directly in settings.php.
* Be aware, however, that it is likely that this would allow IP
* address spoofing unless more advanced precautions are taken.
*/
# $conf['reverse_proxy'] = TRUE;
/**
* Set this value if your proxy server sends the client IP in a header other
* than X-Forwarded-For.
*
* The "X-Forwarded-For" header is a comma+space separated list of IP addresses,
* only the last one (the left-most) will be used.
* Specify every reverse proxy IP address in your environment.
* This setting is required if $conf['reverse_proxy'] is TRUE.
*/
# $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP';
# $conf['reverse_proxy_addresses'] = array('a.b.c.d', ...);
/**
* reverse_proxy accepts an array of IP addresses.
*
* Each element of this array is the IP address of any of your reverse
* proxies. Filling this array Drupal will trust the information stored
* in the X-Forwarded-For headers only if Remote IP address is one of
* these, that is the request reaches the web server from one of your
* reverse proxies. Otherwise, the client could directly connect to
* your web server spoofing the X-Forwarded-For headers.
* Set this value if your proxy server sends the client IP in a header
* other than X-Forwarded-For.
*/
# $conf['reverse_proxy_addresses'] = array('a.b.c.d', ...);
# $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP';
/**
* Page caching:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment