From b7c5ff76424d5f7420ab2c29b00352f7591a0013 Mon Sep 17 00:00:00 2001
From: Ralf Becker <RalfBecker@outdoor-training.de>
Date: Wed, 9 Nov 2016 22:17:07 +0100
Subject: [PATCH] use $_SERVER[HTTP_X_FORWARDED_FOR] IP for ACL check if set,
 if not use $_SERVER[REMOTE_ADDR]

---
 setup/inc/class.setup.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/setup/inc/class.setup.inc.php b/setup/inc/class.setup.inc.php
index 86fb102b81..40b2c4bbed 100644
--- a/setup/inc/class.setup.inc.php
+++ b/setup/inc/class.setup.inc.php
@@ -259,7 +259,8 @@ class setup
 		$auth_type = strtolower($_auth_type);
 		$GLOBALS['egw_info']['setup']['HeaderLoginMSG'] = $GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = '';
 
-		if(!$this->checkip($_SERVER['REMOTE_ADDR']))
+		if(!$this->checkip(isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
+			$_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']))
 		{
 			//error_log(__METHOD__."('$auth_type') invalid IP");
 			return false;