docs on using reverse proxy / load balancers

Author: intoeetive

docs/config/config-files.md

@@ -37,6 +37,14 @@ These are the mime types that are allowed to be uploaded using the upload class.
 
 The mime types are grouped by file type. You can add the allowed mime types directly or you can add new file types containing miltiple mimes.
 
+#### Reverse Proxy IP addresses
+
+`proxy.php`
+
+If the server is behind reverse proxy or load balancer, the system would need special configuration to discover user's real IP address. If the IP address as passed in by server matches value or range specificed in this configuration file, the system will start looking into headers to determine real IP address, as forwarded by proxy/balancer.
+
+Please consult with provider of your reverse proxy or load balancing solutions for the IP addresses or ranges to use. Some providers would let you know the exact IP address of load balancer, while others would give you a range. Here are the links with information for some common providers: [CloudFlare](https://www.cloudflare.com/ips/), [Google Cloud](https://cloud.google.com/load-balancing/docs/https/#firewall_rules), [AWS Elastic](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html)
+
 #### 'Remember me' expiration
 
 `remember.php`

docs/general/system-configuration-overrides.md

@@ -2199,6 +2199,7 @@ Example Usage:
 ### `proxy_ips`
 
 Allow list of reverse proxy servers that may forward the visitor's IP address.
+DEPRECATED. Use [`proxy.php` config file](config/config-files.md#reverse-proxy-ip-addresses) instead.
 
 | Value        | Description                          |
 | ------------ | ------------------------------------ |

docs/optimization/handling-extreme-traffic.md

@@ -54,3 +54,9 @@ These can be disabled in your Control Panel [Tracking Preferences](control-panel
 ExpressionEngine's caching mechanisms can help reduce database load in most situations. However if you use file-based caching, that may transfer some of the resources saved from the database server to the web server. Thus, it is recommended that you use either the Memcached or Redis [caching driver](optimization/caching.md#caching-drivers) instead of the file driver, especially on high-traffic sites. The increased disk i/o from file caches being created and destroyed during a high traffic event consumes significantly more server resources than the memory-based caching drivers.
 
 If you are running in a PHP environment without Opcode caching, [saving templates as files](general/system-configuration-overrides.md#save_tmpl_files) can marginally increase disk i/o as each template must be retrieved from disk. We recommend running PHP 7 or greater so that this type of file activity is managed better by the server.
+
+## Using Load Balancers
+
+Using load balancer or reverse proxy server is popular solution to mitigare DDoS attacks and make handling high traffic easier.
+
+When the server is placed behind reverse proxy or load balancer, ExpressionEngine in default configuration might not know the user's real IP address because it would be substituted with the proxy IP address. Most of the proxies however would send the real user's IP in some HTTP headers. In order to use the data in those headers to obtain the real user IP address, you need to configure the system to make it aware of the list of trusted proxy IP addresses or ranges. This can be done using [`proxy.php` configuration file](config/config-files.md#reverse-proxy-ip-addresses).