Testimonials
What our customers say about Team Password Manager

Configuration if Team Password Manager is behind a reverse proxy or a load balancer

Current Team Password Manager version: 12.162.284

IP address detection

Team Password Manager is capable of identifying the IP address of the user if it's installed behind a reverse proxy. Correctly detecting the IP address of the user is important for logging and for IP address blocking.

Team Password Manager behind a reverse proxy

If your installation of Team Password Manager is behind a reverse proxy, you should use the REVERSE_PROXY setting in the config.php configuration file:

define('REVERSE_PROXY', 'VALUE');

Where VALUE can be:

  1. The IP address of the proxy server or a comma-delimited list of IP addresses of any number of proxy servers. This way these proxies will be whitelisted and the HTTP_X_FORWARDED_FOR header can be trusted. Examples:
    define('REVERSE_PROXY', '192.168.0.3');
    define('REVERSE_PROXY', '1.2.3.4, 5.6.7.8');
  2. If the proxy server uses a dynamic IP address, you can set VALUE to dynamic. This setting is insecure because the HTTP_X_FORWARDED_FOR header can be spoofed, but sometimes is the only way to go:
    define('REVERSE_PROXY', 'dynamic');

If your installation of Team Password Manager is behind a reverse proxy and you don't use this setting, the IP address that will be detected for all users is the IP address of the proxy server, which is of course incorrect.

Handling SSL

Since version 4.47.94, Team Password Manager will handle https connections automatically if the proxy or load balancer uses SSL Termination if using header "X-Forwarded-Proto: https" or "Front-End-Https: on". If your proxy cannot set one of these two headers you can always force a base URL with TPM_BASE_URL, like so: https://your_base_url. An alternative way that also works is using SSL Pass-Through.

Questions or Problems? Please contact our support department