summaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorOliver Wegner <void1976@gmail.com>2018-10-30 17:36:41 +0100
committerOliver Wegner <void1976@gmail.com>2018-10-30 17:36:41 +0100
commitfb5ac6b8361345d0f8b1f7769f72e2a33128084d (patch)
tree3cd710242a417ca084441dfd3333c88ec5dcf482 /config
parent3eb5ac9cff2cd2a111e51fe3ce24ecdd615ddafa (diff)
downloadnextcloud-server-fb5ac6b8361345d0f8b1f7769f72e2a33128084d.tar.gz
nextcloud-server-fb5ac6b8361345d0f8b1f7769f72e2a33128084d.zip
Extending documentation in config.sample.php for `trusted_proxies`
Signed-off-by: Oliver Wegner <void1976@gmail.com>
Diffstat (limited to 'config')
-rw-r--r--config/config.sample.php21
1 files changed, 18 insertions, 3 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 9a5648c95df..25f56904dc4 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -1499,11 +1499,26 @@ $CONFIG = array(
/**
* List of trusted proxy servers
*
- * If you configure these also consider setting `forwarded_for_headers` which
- * otherwise defaults to `HTTP_X_FORWARDED_FOR` (the `X-Forwarded-For` header).
+ * You may set this to an array containing a combination of
+ * - IPv4 addresses, e.g. `192.168.2.123`
+ * - IPv4 ranges in CIDR notation, e.g. `192.168.2.0/24`
+ * - IPv6 addresses, e.g. `fd9e:21a7:a92c:2323::1`
+ *
+ * _(CIDR notation for IPv6 is currently work in progress and thus not
+ * available as of yet)_
+ *
+ * When an incoming request's `REMOTE_ADDR` matches any of the IP addresses
+ * specified here, it is assumed to be a proxy instead of a client. Thus, the
+ * client IP will be read from the HTTP header specified in
+ * `forwarded_for_headers` instead of from `REMOTE_ADDR`.
+ *
+ * So if you configure `trusted_proxies`, also consider setting
+ * `forwarded_for_headers` which otherwise defaults to `HTTP_X_FORWARDED_FOR`
+ * (the `X-Forwarded-For` header).
+ *
* Defaults to an empty array.
*/
-'trusted_proxies' => array('203.0.113.45', '198.51.100.128'),
+'trusted_proxies' => array('203.0.113.45', '198.51.100.128', '192.168.2.0/24'),
/**
* Headers that should be trusted as client IP address in combination with