From 48260ea268eaa86e1c8ae361f75ba4ec78a8f208 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Mon, 1 Sep 2014 15:12:34 -0700
Subject: [PATCH] Use remote IP for all authentication if trusted

https://github.com/webmin/webmin/issues/168
---
 miniserv.pl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/miniserv.pl b/miniserv.pl
index fe938687e..e2188b403 100755
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -1398,6 +1398,11 @@ local $headerhost = $header{'x-forwarded-for'} ||
 $header{'x-real-ip'};
 if ($config{'trust_real_ip'}) {
 $acpthost = $headerhost || $acpthost;
+ if (&check_ipaddress($headerhost) || &check_ip6address($headerhost)) {
+ # If a remote IP was given, use it for all access control checks
+ # from now on.
+ $acptip = $headerhost;
+ }
 $loghost = $acpthost;
 }
 else {
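Review bot: The added `$acptip = $headerhost;` makes a request header the input to every later IP access-control check, and nothing in this hunk ties that trust to the connection's actual peer; `trust_real_ip` is the only gate visible. Unless the peer address is verified as the reverse proxy elsewhere (not visible here, since the enclosing block starts and ends outside the hunk), the setting is only safe when miniserv cannot be reached except through that proxy. That deserves a comment at the assignment, such as `# Header is client-controlled unless the peer is our proxy; only enable trust_real_ip when direct access is blocked`. Separately, `X-Forwarded-For` is commonly a comma-separated list, in which case the new check fails and `$acptip` keeps the proxy address while the unchanged line above still copies the raw header into `$acpthost` and `$loghost`. Selecting the entry appended by the trusted proxy and validating it before assigning any of the three would keep them consistent.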