reverse_proxy_header
Security covered
This module is the simplest way to use the specific HTTP header name to determine the client IP.
The module provides an equivalent of reverse_proxy_header setting (which is deprecated from Drupal 8.7.0).
The most common usage is:
- real client IP is stored in some custom (non-default) header;
- you cannot affect this on reverse proxy or server sides.
The module does not provide any UI. How to use it:
Step 1) Install the module via composer and enable it.
Step 2) Add the `reverse_proxy_header` configuration to your setting.php file:
/**
* Sets the HTTP header name which stores the real client IP.
*
* @see https://www.drupal.org/project/reverse_proxy_header
*/
$settings["reverse_proxy_header"] = "HTTP_X_FORWARDED_FOR_CUSTOM_HEADER";
Here is an example for setting.php file to configure the module to use Cloudflare header only for some instances:
/**
* Reverse Proxy Header module configuration.
*
* Determines the specific header name for some environments only.
* And skips for others.
*
* @see https://www.drupal.org/project/reverse_proxy_header
*/
if (getenv("ENVIRONMENT_SPECIFIC_VARIABLE") === "value") {
$settings["reverse_proxy_header"] = "HTTP_CF_CONNECTING_IP";
}
What about available alternatives?
- rename the header name (or copy its value) to the supported header
HTTP_X_FORWARDED_FORon proxy or server side; - copy the value from the custom header to
$_SERVER['HTTP_X_FORWARDED_FOR']in your index.php before Drupal initialization;
πΊπ¦
This module is maintained by Ukrainian developers.Please consider supporting Ukraine in a fight for their freedom and safety of Europe.