Connection to the platform can be performed via a reverse proxy server. A reverse proxy server relays client requests from the external network to one or more servers logically located on the internal network.
If a user who is allowed to authorize only from certain IP addresses tries to connect to the platform through a reverse proxy server, the platform will block the authorization attempt. This is because the connection will be registered from the IP address of the proxy server, not the real IP address of the user.
To allow authorization for such a user, transmit a list of reverse proxy networks to the platform:
- Get the authorization token:
curl -k -X POST -H "accept: application/json" -H "Content-Type: application/json" 'https://domain.com/auth/v4/public/token' -d '{"email": "admin_email", "password": "admin_pass"}'Comments to the commandIn response, you will get the message in the form:
Example of response in JSON{ "confirmed": true, "expires_at": null, "id": "6", "token": "4-e9726dd9-61d9-2940-add3-914851d2cb8a" }Save the received token value.
- Perform a request of the form:
curl -k -X POST 'https://example.com/auth/v4/realip/trusted_servers' -d '{"header": "<proxy_set_header>", "ips": ["<network_1>","<network_2>","<network_3>",...,"<network_N>"]}' -H 'x-xsrf-token: <token>'CommentsExample commandcurl -k -X POST 'https://example.com/auth/v4/realip/trusted_servers' -d '{"header": "CF-Connecting-IP", "ips": ["173.245.48.0/20","103.21.244.0/22","103.22.200.0/22"]}' -H 'x-xsrf-token: 4-e9726dd9-61d9-2940-add3-914851d2cb8a'
To check the list of added networks, perform a request:
curl -k -X GET 'https://example.com/auth/v4/realip/trusted_servers' -H 'x-xsrf-token: <token>'To delete the list of added networks, perform the request:
curl -k -X DELETE 'https://example.com/auth/v4/realip/trusted_servers' -H 'x-xsrf-token: <token>'