Option AcceptX-Forwarded-For specifies that EZproxy should trust the X-Forwarded-For header and allow it to specify the IP address of the remote user. This option should only be used in configurations where EZproxy is behind a firewall that uses network address translation that hides the IP address of remote users, but that also inserts an X-Forwarded-For header into the request to provide the true IP address of the remote user.
This option is very dangerous to use on an EZproxy server that is not installed within a protected environment. Outside a protected environment, any remote user could insert this header in an attempt to mislead the EZproxy server regarding the user’s true remote address. Such misdirection could override security features including intruder detection by IP address and access control based on remote IP address.
This option should not be confused with Option X-Forwarded-For which performs a very different function.
OptionAcceptX-Forwarded-For is a non-repeatable position-independent config.txt directive.
Option AcceptX-Forwarded-For
Permit the forwarding of X-Forwarded-For headers into EZproxy.
Option AcceptX-Forwarded-For