Details
Description
We are behind a load balancer that acts as a full proxy. The IP address we see is always the load balancer. This makes session logs misleading, and also makes the IP address test in some places not usable.
This patch has two sakai.properties values that lets us get the right address. The assumption is that the load balancer will supply a header such as X-Forwarded-For with the right address. Here's a sample conjuration:
checkforward.addresses=128.6.210.69,128.6.210.70
checkforward.header=X-Forwarded-For
Both values must be set for it to do anything. The addresses value gives the addresses from which the load balancer will send traffic. At Rutgers we have situations where you can access the servers directly. We only want to use the X-Forwarded-For header when access comes from the load balancer. Otherwise users could add their own header and fake their IP address.