From afb5972ab54d64f8c4e7b09962fb2088e427920b Mon Sep 17 00:00:00 2001
From: Peter Powell <petpow@saberuk.com>
Date: Fri, 29 Nov 2019 11:09:36 +0000
Subject: WebSocket: replace the behindproxy switch with a proxy IP list.

---
 docs/conf/modules.conf.example | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'docs/conf/modules.conf.example')

diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index 9cb78daee..cee785436 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -2307,9 +2307,9 @@
 # Requires SHA-1 hash support available in the sha1 module.
 #<module name="websocket">
 #
-# behindproxy: Whether the server is behind a proxy that sends the
-#              X-Real-IP or X-Forwarded-For headers. If enabled the
-#              server will use the IP address specified by those HTTP
+# proxyranges: A space-delimited list of glob or CIDR matches to trust
+#              the X-Real-IP or X-Forwarded-For headers from. If enabled
+#              the server will use the IP address specified by those HTTP
 #              headers. You should NOT enable this unless you are using
 #              a HTTP proxy like nginx as it will allow IP spoofing.
 # sendastext: Whether to re-encode messages as UTF-8 before sending to
@@ -2317,7 +2317,7 @@
 #             protocol requires all text frames to be sent as UTF-8.
 #             If you do not have this enabled messages will be sent as
 #             binary frames instead.
-#<websocket behindproxy="no"
+#<websocket proxyranges="192.0.2.0/24 198.51.100.*"
 #           sendastext="yes">
 #
 # If you use the websocket module you MUST specify one or more origins
-- 
cgit v1.2.3