Skip to content

Commit

Permalink
Update tcp.mdx (hashicorp#19546)
Browse files Browse the repository at this point in the history
expand the info for using x-forwarded-for option
  • Loading branch information
rowansmithhc authored Mar 23, 2023
1 parent f674f0e commit c314197
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion website/content/docs/configuration/listener/tcp.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,11 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co
- `x_forwarded_for_authorized_addrs` `(string: <required-to-enable>)`
Specifies the list of source IP CIDRs for which an X-Forwarded-For header
will be trusted. Comma-separated list or JSON array. This turns on
X-Forwarded-For support.
X-Forwarded-For support. If for example Vault receives connections from the
load balancer's IP of `1.2.3.4`, adding `1.2.3.4` to `x_forwarded_for_authorized_addrs`
will result in the `remote_address` field in the audit log being populated with the
connecting client's IP, for example `3.4.5.6`. Note this requires the load balancer
to send the connecting client's IP in the `X-Forwarded-For` header.

- `x_forwarded_for_hop_skips` `(string: "0")` – The number of addresses that will be
skipped from the _rear_ of the set of hops. For instance, for a header value
Expand Down

0 comments on commit c314197

Please sign in to comment.