Trusted authentication doesn't correctly determine remote IP address with mod_proxy


    • 3.12

      Currently, we have a trusted app connection between EAC and JAC. It doesn't work any more because JAC now has mod_proxy in front of it. We get the following error:

      Errors were reported by the JIRA trusted connection.

      • BAD_REMOTE_IP; Request not allowed from IP address: {0}; ["127.0.0.101"]

      Steve tells me that JIRA should be looking at the X-Forwarded-For header to determine the correct remote IP for access control when there is a reverse proxy in front of JIRA.

      Adding this IP address (127.0.0.101) to the access control list is not a viable option, because all requests that hit JIRA have this IP address. Anyone would be able to send a trusted request if we added it.

      Edit. The above statement is not correct. The protocol checks both the remote IP and any X-Forwarded-For headers for IP matching and all IP addresses must be on the list of valid IPs. The documentation mentions this but does not make it clear.

            Assignee:
            Unassigned
            Reporter:
            Matt Ryall
            Votes:
            0
            Watchers:
            3
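The check described in the reporter's edit, sketched as an added example (this is not JIRA's code or the reporter's): a request is accepted only when the connecting address and every X-Forwarded-For entry are on the allow list. The function names and all addresses other than 127.0.0.101 are assumptions made for illustration.

```python
import ipaddress

def parse_allow_list(entries):
    """Parse allow-list strings (single IPs or CIDR ranges) into networks."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def forwarded_addresses(xff_headers):
    """Flatten every X-Forwarded-For header value into individual entries."""
    return [p.strip() for v in xff_headers for p in v.split(",") if p.strip()]

def check_trusted_request(remote_addr, xff_headers, allow_list):
    """Return (ok, rejected); ok only if the peer AND every XFF entry match."""
    rejected = []
    for candidate in [remote_addr, *forwarded_addresses(xff_headers)]:
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            rejected.append(candidate)  # unparseable entry: fail closed
            continue
        if not any(addr in net for net in allow_list):
            rejected.append(candidate)
    return (not rejected, rejected)

PROXY = "127.0.0.101"   # proxy address from the error on this page
EAC = "192.0.2.10"      # constructed: the trusted calling application
OTHER = "198.51.100.7"  # constructed: any client not on the list

if __name__ == "__main__":
    cases = {
        "only EAC listed (the reported failure)": ([EAC], [EAC]),
        "only proxy listed, other client": ([PROXY], [OTHER]),
        "proxy and EAC listed": ([PROXY, EAC], [EAC]),
        "extra entry ahead of an allowed one": ([PROXY, EAC], [f"{OTHER}, {EAC}"]),
    }
    for label, (allowed, xff) in cases.items():
        ok, bad = check_trusted_request(PROXY, xff, parse_allow_list(allowed))
        print(f"{label}: {'allowed' if ok else 'BAD_REMOTE_IP ' + str(bad)}")
```

Under this rule, listing the proxy address alone does not open the connection to every client, because the forwarded client address must match as well.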
