Trust level for proxy headers
Use this setting to determine whether Webmin should trust headers from a proxy
to identify the user’s IP address and SSL certificate:
- No, do not trust any headers from the proxy.
- Yes, trust the remote IP address provided by proxies. If enabled,
Webmin will use a header provided by a proxy to determine the browser's
real IP address for logging and access control purposes, such as
X-Forwarded-For or X-Real-IP. This should
only be enabled when your Webmin system is behind a proxy, and
there is no direct access from clients; otherwise, a fake header could
be sent to bypass IP access control restrictions.
- Yes, trust both the remote IP and SSL certificate provided by
proxies. If enabled, Webmin will use a header provided by a proxy to
determine the user's client SSL certificate for authentication purposes,
such as X-SSL-Client-DN. This should only be enabled
when your Webmin system is behind a proxy, and there is no direct access
from clients; otherwise, a fake header could be sent to log in as a
different user.