mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
docs(authorizer): important headers for access-control networks (#1794)
* Document X-Forwarded-For capabilities within access-control networks Adds a short paragraph detailing X-Forwarded-For header behaviour into the documentation. * Update docs/configuration/access-control.md Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
This commit is contained in:
parent
c4864ca64c
commit
5cf11f87c8
|
@ -139,6 +139,9 @@ A list of network addresses, ranges (CIDR notation) or groups can be specified i
|
|||
policies when requests originate from different networks. This list can contain both literal definitions of networks
|
||||
and [network aliases](#network-aliases).
|
||||
|
||||
Network addresses specified will be matched against the first IP in the X-Forwarded-For, and if there is none it will fall back to the IP address of the request. If using Authelia with a reverse proxy, additional configuration
|
||||
may be required on the reverse proxy to ensure these headers are present and correct.
|
||||
|
||||
Main use cases for this rule option is to adjust the security requirements of a resource based on the location of
|
||||
the user. For example lets say a resource should be exposed both on the Internet and from an
|
||||
authenticated VPN for instance. Passing a second factor a first time to get access to the VPN and
|
||||
|
|
Loading…
Reference in New Issue
Block a user