add support for X-Forwarded-For header to log correct client IP when behind a proxy

[rlljorge]

Discussed in #994

^{Originally posted by rlljorge September 28, 2024}
Hello,

I’m using the self-service-password tool behind a proxy, and I noticed that the audit logs are showing the proxy’s IP address instead of the client’s real IP. Many applications support reading the X-Forwarded-For header in such scenarios to correctly log the client’s original IP.

Would it be possible to add native support for this feature?

For example, in the configuration file (config.inc.php), a new option could be added to enable this functionality, something like:

$use_forwarded_for = true;

And the system could then check if the X-Forwarded-For header exists and use that for logging the client’s IP.

if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

Best Regards,

Rodrigo

[click0]

There are also headers CF-Connecting-IP, CF-Connecting-IPv6 and others.
They are described here and here.