From 029436b88135a82a60e203e6de0425b88438e4b5 Mon Sep 17 00:00:00 2001
From: Sjoerd Hooft <sjoerd@getshifting.com>
Date: Thu, 16 Apr 2026 21:11:35 +0200
Subject: [PATCH] add support for X-Forwarded-For header in IP allow-listing

---
 apache/botcheck.conf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/apache/botcheck.conf b/apache/botcheck.conf
index 3fccd28..d589770 100644
--- a/apache/botcheck.conf
+++ b/apache/botcheck.conf
@@ -44,6 +44,14 @@
     RewriteCond ${lookup:addresses.net.list;%{REMOTE_ADDR}|NOT_FOUND} !=NOT_FOUND
     RewriteRule .* - [E=BOTCHECK:OK]
 
+    # Set environment variable for allow-listed IPs (X-Forwarded-For header)
+    RewriteCond %{ENV:BOTCHECK} !^OK$
+    # Make sure X-Forwarded-For header is present and not empty to avoid unnecessary error:
+    # invalid input "addresses.net.list;": missing config or lookup value
+    RewriteCond %{HTTP:X-Forwarded-For} !^$
+    RewriteCond ${lookup:addresses.net.list;%{HTTP:X-Forwarded-For}|NOT_FOUND} !=NOT_FOUND
+    RewriteRule .* - [E=BOTCHECK:OK]
+
     # Set environment variable for allow-listed User-Agents
     RewriteCond %{ENV:BOTCHECK} !^OK$
     RewriteCond ${lookup:useragents.ri.list;%{HTTP_USER_AGENT}|NOT_FOUND} !=NOT_FOUND