Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Trusted Proxy Headers Debug

213 sites No security coverage
View on drupal.org

This module helps debug and configure trusted proxy headers, essential for accurately detecting client IPs on sites behind proxies. It provides a report detailing proxy settings and how they affect incoming requests, aiding in proper configuration.

This is a developer / utility module to help with configuring and debugging Trusted Proxy Headers.

Initially it has a very no-frills UI.

It produces a report which shows what Reverse / Trusted Proxy configuration has been found in settings, along with the Trusted Headers which Drupal passes through to Symfony's Request handling code, and some of the properties of the Request which Symfony/Drupal derived using the current settings.

This might help set up - for example - proper detection of Client IPs for sites running behind proxies.

See:

  • \Drupal\Core\StackMiddleware\ReverseProxyMiddleware::setSettingsOnRequest
  • \Symfony\Component\HttpFoundation\Request::setTrustedProxies

By default the report at admin/reports/status/trusted_proxy_headers_debug is only accessible to users with the 'administer site configuration' permission.

It's possible to override this restriction with the following setting:

D8/9(/10?):

$settings['trusted_proxy_headers_debug_free_access'] = TRUE;

D7:

$conf['trusted_proxy_headers_debug_free_access'] = TRUE;

For D7 you could alternatively set the variable using drush, e.g.:

$ drush vset trusted_proxy_headers_debug_free_access 1

Be careful doing so :)

This is a basic tool with lots of room for improvement.

Activity

Total releases
2
First release
Apr 2025
Latest release
6 months ago
Releases (12 mo)
1
Maintenance
Active

Releases

Version Type Release date
1.1.x-dev Dev Jan 14, 2026
8.x-0.5 Stable Apr 7, 2025