diff --git a/admin_manual/configuration_server/config_sample_php_parameters.rst b/admin_manual/configuration_server/config_sample_php_parameters.rst index 6d8e9812b..4844aaa5f 100644 --- a/admin_manual/configuration_server/config_sample_php_parameters.rst +++ b/admin_manual/configuration_server/config_sample_php_parameters.rst @@ -1175,7 +1175,13 @@ List of trusted proxy servers 'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'), Headers that should be trusted as client IP address in combination with -`trusted_proxies` +`trusted_proxies`. If the HTTP header looks like 'X-Forwarded-For', then use +'HTTP_X_FORWARDED_FOR' here. + +If set incorrectly, a client can spoof their IP address as visible to +ownCloud, bypassing access controls and making logs useless! + +Defaults to 'HTTP_X_FORWARED_FOR' if unset ::