The current authentication model works OK when communicating directly with JILS.
However, if the JILS server is behind a reverse proxy, it's not currently possible to identify whether the originating IP is authorised or not.
Most reverse proxies will set an X-Forwarded-For header, however we cannot simply rely on that as a malicious client could simply send a request with a known authorised IP in that header.
So, we need an extra configuration parameter to list known authorised reverse proxies. If the connection has come from one of those IP's the source IP should be extracted from X-Forwarded-For and authentication performed based on that.
This makes a couple of assumptions which must be true in order for the planned model to work
- Downstream Proxy will always set X-Forwarded-For
- Downstream Proxy will pass through the client's User-Agent
If either of those is untrue then the planned model won't work (or will give unexpected results). They don't seem like unreasonable constraints though.