X-FORWARDED-FOR header instead of REMOTE_HOST

[GoogleCodeExporter]

What steps will reproduce the problem?

1. configure auth_token as usual with IP check enabled.

2. try to access one of the protected the pages through any proxy, with the 
token generated for client IP address.

3. you will get "unauthorized", because auth_token is only seeing proxy IP 
address, and does not check "x-forwarded-for" header from the request.

What version of the product are you using? On what operating system?
1.0.6beta on Ubuntu 12.04.1 LTS x64


Please provide any additional information below.

It would be great, if this module can be configured to use any HTTP header in 
authentication, not just "remote_host"

Original issue reported on code.google.com by v.yesa...@gmail.com on 20 Sep 2012 at 7:24

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

A work-around is to use the apache module rpaf (see 
http://stderr.net/apache/rpaf/), which will make sure the X-Forwarded-For IP 
address is being used as origin IP address. This works for mod_auth_token 
1.0.6beta on Ubuntu 12.04 LTS x64 with HAProxy loadbalancer.

Original comment by nji...@gmail.com on 14 Mar 2013 at 11:26