Option AcceptX-Forwarded-For

Learn how to use the Option AcceptX-Forwarded-For config.txt directive to specify which X-Forwarded-For headers EZproxy should trust.

Option AcceptX-Forwarded-For specifies that EZproxy should trust the X-Forwarded-For header and allow it to specify the IP address of the remote user. This option should only be used in configurations where EZproxy is behind a firewall that uses network address translation that hides the IP address of remote users, but that also inserts an X-Forwarded-For header into the request to provide the true IP address of the remote user.

This option is very dangerous to use on an EZproxy server that is not installed within a protected environment. Outside a protected environment, any remote user could insert this header in an attempt to mislead the EZproxy server regarding the user’s true remote address. Such misdirection could override security features including intruder detection by IP address and access control based on remote IP address.

This option should not be confused with Option X-Forwarded-For which performs a very different function.

OptionAcceptX-Forwarded-For is a non-repeatable position-independent config.txt directive.

Syntax

Option AcceptX-Forwarded-For

Example

Permit the forwarding of X-Forwarded-For headers into EZproxy.

Option AcceptX-Forwarded-For