Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Reverse Proxy Header

2,298 sites Security covered
View on drupal.org

This module allows you to specify a custom HTTP header that contains the client's real IP address. This is useful when your reverse proxy or CDN uses a non-standard header for this information.

This module is the simplest way to use the specific HTTP header name to determine the client IP.

The module provides an equivalent of reverse_proxy_header setting (which is deprecated from Drupal 8.7.0).

The most common usage is:

  • real client IP is stored in some custom (non-default) header;
  • you cannot affect this on reverse proxy or server sides.

The module does not provide any UI. How to use it:
Step 1) Install the module via composer and enable it.
Step 2) Add the `reverse_proxy_header` configuration to your setting.php file:

/**
 * Sets the HTTP header name which stores the real client IP.
 *
 * @see https://www.drupal.org/project/reverse_proxy_header
 */
$settings["reverse_proxy_header"] = "HTTP_X_FORWARDED_FOR_CUSTOM_HEADER";

Here is an example for setting.php file to configure the module to use Cloudflare header only for some instances:

/**
 * Reverse Proxy Header module configuration.
 *
 * Determines the specific header name for some environments only.
 * And skips for others.
 *
 * @see https://www.drupal.org/project/reverse_proxy_header
 */
if (getenv("ENVIRONMENT_SPECIFIC_VARIABLE") === "value") {
  $settings["reverse_proxy_header"] = "HTTP_CF_CONNECTING_IP";
}

What about available alternatives?

  1. rename the header name (or copy its value) to the supported header HTTP_X_FORWARDED_FOR on proxy or server side;
  2. copy the value from the custom header to $_SERVER['HTTP_X_FORWARDED_FOR'] in your index.php before Drupal initialization;

πŸ‡ΊπŸ‡¦

This module is maintained by Ukrainian developers.
Please consider supporting Ukraine in a fight for their freedom and safety of Europe.

Activity

Total releases
3
First release
Jan 2025
Latest release
9 months ago
Releases (12 mo)
1 ▼ from 2
Maintenance
Slowing

Release Timeline

Releases

Version Type Release date
1.1.2 Stable Sep 24, 2025
1.1.1 Stable Jan 9, 2025
1.1.0 Stable Jan 9, 2025