Merge pull request #689 from ExpressionEngine/feature/7.x/get-ip-behind-load-balancer

docs on using reverse proxy / load balancers

Author: bryannielsen

docs/config/config-files.md

@@ -43,6 +43,14 @@ These are the mime types that are allowed to be uploaded using the upload class.
 
 The mime types are grouped by file type. You can add the allowed mime types directly or you can add new file types containing miltiple mimes.
 
+#### Reverse Proxy IP addresses
+
+`proxy.php`
+
+If the server is behind a reverse proxy or load balancer the system will need special configuration to discover a user's real IP address. If the IP address passed along by the server matches a value or range specificed in this configuration file the system will look at the request headers to determine the real IP address.
+
+Please consult with the provider of your reverse proxy or load balancing solutions for the IP addresses or ranges to use. Some providers will let you know the exact IP address of the load balancer, while others will give you a range. Here are the links with information for some common providers: [CloudFlare](https://www.cloudflare.com/ips/), [Google Cloud](https://cloud.google.com/load-balancing/docs/https/#firewall_rules), [AWS Elastic](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html)
+
 #### 'Remember me' expiration
 
 `remember.php`

docs/general/system-configuration-overrides.md

@@ -2199,6 +2199,7 @@ Example Usage:
 ### `proxy_ips`
 
 Allow list of reverse proxy servers that may forward the visitor's IP address.
+DEPRECATED. Use [`proxy.php` config file](config/config-files.md#reverse-proxy-ip-addresses) instead.
 
 | Value        | Description                          |
 | ------------ | ------------------------------------ |

docs/optimization/handling-extreme-traffic.md

@@ -54,3 +54,9 @@ These can be disabled in your Control Panel [Tracking Preferences](control-panel
 ExpressionEngine's caching mechanisms can help reduce database load in most situations. However if you use file-based caching, that may transfer some of the resources saved from the database server to the web server. Thus, it is recommended that you use either the Memcached or Redis [caching driver](optimization/caching.md#caching-drivers) instead of the file driver, especially on high-traffic sites. The increased disk i/o from file caches being created and destroyed during a high traffic event consumes significantly more server resources than the memory-based caching drivers.
 
 If you are running in a PHP environment without Opcode caching, [saving templates as files](general/system-configuration-overrides.md#save_tmpl_files) can marginally increase disk i/o as each template must be retrieved from disk. We recommend running PHP 7 or greater so that this type of file activity is managed better by the server.
+
+## Using Load Balancers
+
+Using a load balancer or reverse proxy is a popular solution to mitigate DDoS attacks and make handling large amounts of traffic easier.
+
+When a server is placed behind a reverse proxy or load balancer ExpressionEngine might not know the user's real IP address because it would be substituted with the proxy's IP address. Most proxies however will preserve the real user's IP address and forward it through a request header. In order to use the data in those headers to obtain the real user's IP address you need to configure the system to recognize and trust the proxy IP addresses. This can be done using the [`proxy.php` configuration file](config/config-files.md#reverse-proxy-ip-addresses).