romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
885167dd58
openclaw/docs/gateway
History
Jamieson O'Reilly 6aec34bc60
fix(gateway): prevent auth bypass when behind unconfigured reverse proxy (#1795) 
* fix(gateway): prevent auth bypass when behind unconfigured reverse proxy

When proxy headers (X-Forwarded-For, X-Real-IP) are present but
gateway.trustedProxies is not configured, the gateway now treats
connections as non-local. This prevents a scenario where all proxied
requests appear to come from localhost and receive automatic trust.

Previously, running behind nginx/Caddy without configuring trustedProxies
would cause isLocalClient=true for all external connections, potentially
bypassing authentication and auto-approving device pairing.

The gateway now logs a warning when this condition is detected, guiding
operators to configure trustedProxies for proper client IP detection.

Also adds documentation for reverse proxy security configuration.

* fix: harden reverse proxy auth (#1795) (thanks @orlyjamie)

---------

Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-25 15:08:03 +00:00
..
authentication.md docs: add /help hub and Node/npm PATH guide 2026-01-16 23:10:29 +00:00
background-process.md fix: cap pending process output 2026-01-17 08:26:12 +00:00
bonjour.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
bridge-protocol.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
cli-backends.md chore: standardize Claude Code CLI naming (#915) 2026-01-14 20:07:35 +00:00
configuration-examples.md docs: update media auto-detect 2026-01-23 05:47:16 +00:00
configuration.md fix: paragraph-aware newline chunking (#1726) 2026-01-25 13:24:19 +00:00
discovery.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
doctor.md docs: align gateway service naming 2026-01-21 17:45:26 +00:00
gateway-lock.md docs: clarify multi-gateway rescue bot guidance 2026-01-15 22:10:27 +00:00
health.md docs: complete channels rename sweep 2026-01-13 08:40:39 +00:00
heartbeat.md feat: add beta googlechat channel 2026-01-24 23:30:45 +00:00
index.md fix: document tools invoke + honor main session key (#1575) (thanks @vignesh07) 2026-01-24 09:29:32 +00:00
local-models.md docs: simplify local models guidance 2026-01-13 03:26:00 +00:00
logging.md fix: improve tool summaries 2026-01-23 01:00:24 +00:00
multiple-gateways.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
openai-http-api.md Gateway: disable OpenAI HTTP chat completions by default (#686) 2026-01-10 21:55:54 +00:00
openresponses-http-api.md refactor: share responses input handling 2026-01-20 08:21:57 +00:00
pairing.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
protocol.md fix: enforce secure control ui auth 2026-01-21 23:58:42 +00:00
remote-gateway-readme.md docs: make remote host examples generic 2026-01-12 02:11:33 +00:00
remote.md docs: fix remaining node ws references 2026-01-22 23:22:56 +00:00
sandbox-vs-tool-policy-vs-elevated.md feat: add elevated ask/full modes 2026-01-22 05:41:11 +00:00
sandboxing.md docs: clarify sandbox env + recreate guidance 2026-01-20 15:00:25 +00:00
security.md fix(gateway): prevent auth bypass when behind unconfigured reverse proxy (#1795) 2026-01-25 15:08:03 +00:00
tailscale.md docs: fix remaining node ws references 2026-01-22 23:22:56 +00:00
tools-invoke-http-api.md fix: document tools invoke + honor main session key (#1575) (thanks @vignesh07) 2026-01-24 09:29:32 +00:00
troubleshooting.md docs: add anthropic auth error troubleshooting 2026-01-25 00:07:19 +00:00