It's a somewhat-common situation that people have their Bugzilla behind some sort of proxy that does something (caching, SSL, etc.) with incoming traffic. Unfortunately, this breaks $ENV{REMOTE_ADDR}, because all traffic seems to be coming from the proxy. We need a parameter (for the Advanced section) that allows admins to specify the IP of their proxy, and then if traffic comes from that proxy, we trust the X-Forwarded-For header instead of the REMOTE_ADDR. dkl' comment on redhat bugzilla: We currently have a hack in Bugzilla.pm in init_page() that does similar that will need to be removed as well since we will now use the upstream method.
Created attachment 369693 [details] v1 patch to use X-forwarded-for instead of remote_addr for trusted proxies Hey Dave, I have applied the upstream patch to our 3.4 branch, removed our similar code from Bugzilla.pm init_page, also for the new parameter 'inbound_proxies' included in the upstream patch in the new advanced parameter page, I have added it to our required_settings parameters page, as the upstream patch for the new advanced parameter page is still under review and marked for 3.6 release. I applied the patch to bz-web1 but couldn't test it there as bz-web1 is not working at the moment, but tested it in my localhost bugzilla along with the brute password patch and seems to be working good. Thanks, Noura
Comment on attachment 369693 [details] v1 patch to use X-forwarded-for instead of remote_addr for trusted proxies I already reviewed this upstream as well for Max so I am review+ here now as well.
Thanks Dave, patch committed Noura