View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0017742||phpList 3 application||Interface - Administrator||public||06-07-15 21:07||08-07-15 14:25|
|Platform||OS||Linux||OS Version||Ubuntu 1204|
|Target Version||next patch||Fixed in Version||3.2.0|
|Summary||0017742: Resolution for "Your IP address has changed. For security reasons, please login again" when behind a proxy|
|Description||When phpList is running on a server that has a proxy in front of it - for example Apache, the ip address phpList sees is the one from the proxy server, not the client.|
The fix for this is to read the x-forwarded-for instead of remote_addr when it exists.
|Steps To Reproduce||Access|
browser -> apache http server acting as a proxy -> apache http server with php rendering module.
|Additional Information||I have created a git pull request that fixes this issue.|
|Tags||No tags attached.|
You can just do
in your config to avoid these issues. But yes, it may be nice to be safer in those setups as well, and keep the flag.
Have you read https://github.com/phpList/phplist3/blob/master/CONTRIBUTING.md ?
Sounds like you have, as you've gone through all the steps :-)
Last step would be to sign the CLA: https://www.phplist.com/cla
I have signed the CLA
Awesome, you have signed the phpList CLA
Your github login: hedrickbt
Your name: Brooke Hedrick
Date signed: 2015-07-08
I am providing the patch as I believe the IP address change is a reasonable check to help with security and I don't want to disable it. This will also help out anyone that checks out phpList, with a proxy in front, to not have to jump online to figure out what needs to be done when that get that error.
Thank you for your consideration.
||merged and ready|