Support

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)?
Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 2.5.x / 1.5.25
PHP version: 5.3.2
MySQL version: 5.1.x
Host: (optional, but it helps us help you)
Admin Tools version: 2.2.0

Description of my issue:

This is not exactly an issue, but a sort of inquiry / feature request (if it is missing).
Does AT Pro support XFF, XFF Header Name: X-Forwarded-ForP
The question is being raised by a security expert from a company we develop Joomla base applications for.

Cheers,
Nuno.

According to the same source:

The problem is that when a reverse proxy performing NAT sits between Joomla and the Internet, for Joomla all the incoming HTTP requests are coming from internal IP address of the reverse proxy.



Example:



Internet User (x.x.x.x) -à (INTERNET) -à Company’s reverse proxy (y.y.y.y) à Joomla server



If an attack is detected by Joomla and the client IP address is banned, the banned IP will be y.y.y.y instead of x.x.x.x which will perform a full DoS to the Joomla server since no more requests coming from Internet will be served anymore (for Joomla all come from the same IP y.y.y.y).

Think I understand where the guy i getting at.
Behind a reverse proxy there has to be a means to let AT know the original IP address the offendong request originates from.
XFF would apparently solve the issue.