clawdbot/docs/gateway at 885167dd58285a59c0db835c977949572cc26a6d - clawdbot - 键盘的仓库

let5see/clawdbot

Files

History

Jamieson O'Reilly 6aec34bc60 fix(gateway): prevent auth bypass when behind unconfigured reverse proxy (#1795 )

* fix(gateway): prevent auth bypass when behind unconfigured reverse proxy

When proxy headers (X-Forwarded-For, X-Real-IP) are present but
gateway.trustedProxies is not configured, the gateway now treats
connections as non-local. This prevents a scenario where all proxied
requests appear to come from localhost and receive automatic trust.

Previously, running behind nginx/Caddy without configuring trustedProxies
would cause isLocalClient=true for all external connections, potentially
bypassing authentication and auto-approving device pairing.

The gateway now logs a warning when this condition is detected, guiding
operators to configure trustedProxies for proper client IP detection.

Also adds documentation for reverse proxy security configuration.

* fix: harden reverse proxy auth (#1795) (thanks @orlyjamie)

---------

Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>

2026-01-25 15:08:03 +00:00

..

authentication.md

docs: add /help hub and Node/npm PATH guide

2026-01-16 23:10:29 +00:00

background-process.md

fix: cap pending process output

2026-01-17 08:26:12 +00:00

bonjour.md

docs: align node transport with gateway ws

2026-01-22 23:10:09 +00:00

bridge-protocol.md

docs: align node transport with gateway ws

2026-01-22 23:10:09 +00:00

cli-backends.md

chore: standardize Claude Code CLI naming (#915 )

2026-01-14 20:07:35 +00:00

configuration-examples.md

docs: update media auto-detect

2026-01-23 05:47:16 +00:00

configuration.md

fix: paragraph-aware newline chunking (#1726 )

2026-01-25 13:24:19 +00:00

discovery.md

docs: align node transport with gateway ws

2026-01-22 23:10:09 +00:00

doctor.md

docs: align gateway service naming

2026-01-21 17:45:26 +00:00

gateway-lock.md

docs: clarify multi-gateway rescue bot guidance

2026-01-15 22:10:27 +00:00

health.md

docs: complete channels rename sweep

2026-01-13 08:40:39 +00:00

heartbeat.md

feat: add beta googlechat channel

2026-01-24 23:30:45 +00:00

index.md

fix: document tools invoke + honor main session key (#1575 ) (thanks @vignesh07)

2026-01-24 09:29:32 +00:00

local-models.md

docs: simplify local models guidance

2026-01-13 03:26:00 +00:00

logging.md

fix: improve tool summaries

2026-01-23 01:00:24 +00:00

multiple-gateways.md

docs: align node transport with gateway ws

2026-01-22 23:10:09 +00:00

openai-http-api.md

Gateway: disable OpenAI HTTP chat completions by default (#686 )

2026-01-10 21:55:54 +00:00

openresponses-http-api.md

refactor: share responses input handling

2026-01-20 08:21:57 +00:00

pairing.md

docs: align node transport with gateway ws

2026-01-22 23:10:09 +00:00

protocol.md

fix: enforce secure control ui auth

2026-01-21 23:58:42 +00:00

remote-gateway-readme.md

docs: make remote host examples generic

2026-01-12 02:11:33 +00:00

remote.md

docs: fix remaining node ws references

2026-01-22 23:22:56 +00:00

sandbox-vs-tool-policy-vs-elevated.md

feat: add elevated ask/full modes

2026-01-22 05:41:11 +00:00

sandboxing.md

docs: clarify sandbox env + recreate guidance

2026-01-20 15:00:25 +00:00

security.md

fix(gateway): prevent auth bypass when behind unconfigured reverse proxy (#1795 )

2026-01-25 15:08:03 +00:00

tailscale.md

docs: fix remaining node ws references

2026-01-22 23:22:56 +00:00

tools-invoke-http-api.md

fix: document tools invoke + honor main session key (#1575 ) (thanks @vignesh07)

2026-01-24 09:29:32 +00:00

troubleshooting.md

docs: add anthropic auth error troubleshooting

2026-01-25 00:07:19 +00:00