IP address detection
Team Password Manager is capable of identifying the IP address of the user if it's installed behind a reverse proxy. Correctly detecting the IP address of the user is important for logging and for IP address blocking.
If your installation of Team Password Manager is behind a reverse proxy, you should use the
REVERSE_PROXY setting in the
config.php configuration file:
VALUE can be:
- The IP address of the proxy server or a comma-delimited list of IP addresses of any number of proxy servers. This way these proxies will be whitelisted and the HTTP_X_FORWARDED_FOR header can be trusted. Examples:
define('REVERSE_PROXY', '192.168.0.3'); define('REVERSE_PROXY', '126.96.36.199, 188.8.131.52');
- If the proxy server uses a dynamic IP address, you can set
dynamic. This setting is insecure because the HTTP_X_FORWARDED_FOR header can be spoofed, but sometimes is the only way to go:
If your installation of Team Password Manager is behind a reverse proxy and you don't use this setting, the IP address that will be detected for all users is the IP address of the proxy server, which is of course incorrect.
Since version 4.47.94, Team Password Manager will handle https connections automatically if the proxy or load balancer uses SSL Termination if using header "X-Forwarded-Proto: https" or "Front-End-Https: on". If your proxy cannot set one of these two headers you can always force a base URL with TPM_BASE_URL, like so: https://your_base_url. An alternative way that also works is using SSL Pass-Through.