[Bug]: X-Forwarded for and allowed_admin_ranges

[ossimoi]

Bug description

allowed_admin_ranges does not seem to honor XFF header. Administration settings are not visible for admin user when connected via reverse proxy with client ip in XFF and proxy ip in remote_addr header, even when proxy is listed in trusted_proxies. Administration settings are visible when proxy ip is listed in allowed_admin_ranges.

Not sure if this is intentional or a misconfiguration in my end.

Steps to reproduce

1. Set up Nextcloud with php-fpm behind nginx.
2. Add nginx ip to trusted_proxies
3. Add clients real ip to allowed_admin_ranges
4. Test that XFF is properly passed upstream with phpinfo()
5. Log in as admin, no Administration settings visible

Expected behavior

Admin settings visible when client is verified via XFF.

Nextcloud Server version

31

[joshtrichards]

Hi @ossimoi - Thanks for the note.

Not sure if this is intentional or a misconfiguration in my end.

Would you mind troubleshooting your situation further on the help forum? https://help.nextcloud.com

allowed_admin_ranges looks up the remote IP address in the same subsystem used by various components of Nextcloud Server. If this was not functioning I would expect other problems/many reports.

So chances are there is a misconfiguration somewhere in your installation (but anything is possible).