View Issue Details

IDProjectCategoryView StatusLast Update
0017742phplist applicationInterface - Administratorpublic08-07-15 14:25
Status resolvedResolutionfixed 
PlatformOSLinuxOS VersionUbuntu 1204
Product Version3.0.12 
Target Versionnext patchFixed in Version3.2.0 
Summary0017742: Resolution for "Your IP address has changed. For security reasons, please login again" when behind a proxy
DescriptionWhen phpList is running on a server that has a proxy in front of it - for example Apache, the ip address phpList sees is the one from the proxy server, not the client.

The fix for this is to read the x-forwarded-for instead of remote_addr when it exists.
Steps To ReproduceAccess
browser -> apache http server acting as a proxy -> apache http server with php rendering module.

Additional InformationI have created a git pull request that fixes this issue.
TagsNo tags attached.



06-07-15 21:15

manager   ~0056325

You can just do


in your config to avoid these issues. But yes, it may be nice to be safer in those setups as well, and keep the flag.

Have you read ?

Sounds like you have, as you've gone through all the steps :-)
Last step would be to sign the CLA:


08-07-15 14:20

reporter   ~0056372

I have signed the CLA

Awesome, you have signed the phpList CLA
Your github login: hedrickbt
Your name: Brooke Hedrick
Date signed: 2015-07-08

I am providing the patch as I believe the IP address change is a reasonable check to help with security and I don't want to disable it. This will also help out anyone that checks out phpList, with a proxy in front, to not have to jump online to figure out what needs to be done when that get that error.

Thank you for your consideration.


08-07-15 14:25

manager   ~0056373

merged and ready