http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8492 --- Comment #7 from Robin Sheat <robin@catalyst.net.nz> --- I wouldn't expect most systems to be on real-world IP addresses if they're behind a proxy anyway, there's no point. And it's only the address of the proxy you care about. Though, thinking about it more, if you're attempting to restrict to part of an RFC1918 set, this would leave forgery open. A better idea would be to specify what your proxy IP/IP pattern is and look for the header only in that case. X-Forwarded-For can be forged, also can (legitimately) have multiple IP addresses in it, but it is possible to be sure about what you're getting. For example, if you know you're behind a proxy you can rely on that header being there, and that the last entry is the real source IP address. -- You are receiving this mail because: You are watching all bug changes.