Incident: Parameter "USE_CUSTOM_REMOTE_IP_HEADER" not working

Date Seen

Ubuntu 16.04.4 LTS
Apache 2.4.18
Z-Push 2.4.0
Kopano 8.6.80

Bug Description
Since updating to Z-Push 2.4.0 the parameter “USE_CUSTOM_REMOTE_IP_HEADER” with option “HTTP_X_FORWARDED_FOR” is not working as expected. Z-Push is logging the the ip from the reverse proxy instead of the forwarded ip.

    // Use a custom header to determinate the remote IP of a client.
    // By default, the server provided REMOTE_ADDR is used. If the header here set
    // is available, the provided value will be used, else REMOTE_ADDR is maintained.
    // set to false to disable this behaviour.
    // common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored)
Mar 13 13:55:22 server z-push/core[15150]: [WARN] [dfsd] IP: failed to authenticate user 'dfsd'


Steps to Reproduce
Enable the parameter “USE_CUSTOM_REMOTE_IP_HEADER” with option “HTTP_X_FORWARDED_FOR” and the check the apache logs. This is only reproducable if the webserver is behind a reverse proxy.

Actual Behavior
The reverse proxy ip is logged.

Expected Behavior
The forwarded ip is logged.

Troubleshooting/Testing Steps Attempted
I’ve tried to change the parameter to several settings without success. The apache server is logging the correct ip. I’ve set up a testsite within apache and the real ip is displayed within the header “HTTP_X_FORWARDED_FOR”

No workaround found yet.

Hi darootler,

apache_request_headers() function strips ‘HTTP_’ from the header name and replaces underscores with dashes. So in your case it should be X-FORWARDED-FOR.


Thanks for the report. I have created a ticket for it


option “X-FORWARDED-FOR” is working as expected.

Thank you for creating the ticket and your help.


Log in to reply

Looks like your connection to Kopano Community Forum was lost, please wait while we try to reconnect.