
TrustProxy

Designate certain IP addresses or hostnames as trusted HTTP proxies.

Synopsis

TrustProxy  hostname

Scope

This directive is only available for use in the global (interchange.cfg) configuration file, and will affect all websites running under the Interchange installation.  It will not work in a website's local (catalog.cfg) configuration file. 

Description

This directive allows the Interchange administrator to designate certain IP addresses or hostnames as trusted HTTP proxies, whose claims (via the HTTP_X_FORWARDED_FOR environment variable) about the original requesting host will be assumed accurate.

When using a front-end proxy for Interchange, all requests appear to come from that proxy. This is effectively the same as running with WideOpen Yes, because all sessions will have the same user IP address and are thus open to hijack attempts. Session hijacking can happen when someone unknowingly includes a session ID in a URI they send to other users; all of those users then end up with the same session and shopping cart if WideOpen and/or TrustProxy are in effect.

TrustProxy takes a comma-separated list of one or more IP addresses and/or hostnames, which may include wildcards ("*" for any number of characters and "?" for a single character).  For example:

Note

The HTTP environment variables are not modified in any way; only Interchange's understanding of the address of the remote host is altered, as you can verify for yourself by using [data session host].

Note

Interchange's HostnameLookups facility, or your web server's equivalent, will need to be active before this directive will work with hostnames.

Examples

Defining a couple of trusted proxies

TrustProxy  127.0.0.1 192.168.8.4

Defining a couple of trusted proxies using wildcards

TrustProxy 127.0.0.? 10.0.* 192.168.?.1

Trusting all hosts as if they were external proxies (not a good idea)

TrustProxy *
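
The trust decision described above, modelled as an added example (not Interchange's own code), together with a small audit helper that shows which addresses a pattern list actually trusts. The function names, the anchored case-insensitive matching and the single-address forwarded header are assumptions; all addresses are constructed sample data.

```python
import re

def parse_trustproxy(line):
    """Return the patterns from one 'TrustProxy ...' line.
    Commas and/or whitespace separate entries (the page shows both)."""
    parts = line.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "trustproxy":
        raise ValueError("not a TrustProxy directive")
    return [p for p in re.split(r"[,\s]+", parts[1]) if p]

def pattern_to_regex(pattern):
    # '*' = any number of characters, '?' = exactly one, the rest literal.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(r"\A" + body + r"\Z", re.IGNORECASE)  # anchoring assumed

def is_trusted(peer, patterns):
    return any(pattern_to_regex(p).match(peer) for p in patterns)

def effective_host(peer, forwarded_for, patterns):
    """Host the session is tied to: the forwarded claim counts only when
    the connecting peer itself matches a TrustProxy pattern."""
    if forwarded_for and is_trusted(peer, patterns):
        return forwarded_for.strip()
    return peer

def matched_non_proxies(patterns, real_proxies, probes):
    """Audit helper: probe addresses a pattern trusts that are not proxies."""
    return sorted(a for a in probes
                  if a not in real_proxies and is_trusted(a, patterns))

if __name__ == "__main__":
    # Constructed sample data (documentation and private address ranges).
    strict = parse_trustproxy("TrustProxy  127.0.0.1 192.168.8.4")
    wide = parse_trustproxy("TrustProxy *")
    for peer, claim in [("127.0.0.1", "198.51.100.7"),     # via the proxy
                        ("203.0.113.9", "198.51.100.7")]:  # direct client
        print(peer, "strict:", effective_host(peer, claim, strict),
              "wildcard:", effective_host(peer, claim, wide))
    loose = parse_trustproxy("TrustProxy 127.0.0.?, 10.0.*")
    print(matched_non_proxies(loose, {"127.0.0.1"},
                              ["127.0.0.1", "127.0.0.9", "10.0.44.2"]))
```

With the strict list, the forwarded claim is honoured only for the request arriving from 127.0.0.1; with `TrustProxy *`, the header value is accepted from any peer, which is why the last example is marked as not a good idea.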

Category:  Global config directives
Last modified by: Kevin Walsh
Modification date: Tuesday 12 September 2006 at 3:47 PM (EDT)