Configuring a Trusted Proxy
If your web servers sit behind a load balancer, HTTP cache, or other intermediary (reverse) proxy, SupportPal requires some additional configuration. For security reasons, the software must be informed of which proxies to "trust" before it will attempt to read the
By default SupportPal expects following header to be sent from the proxy. If your proxy sends slightly different headers, the configuration file can be adjusted to suit your requirements (more details further down).
||The IP address of the client.|
||The hostname used to access the site in the browser.|
||The schema/protocol (http/https) used by the client.|
||The port used by the client (typically 80 or 443).|
Example nginx Configuration
If you're using nginx as a reverse proxy, please find the below example configuration for forwarding headers:
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host;
Create a new file
<?php return [ /* * Set trusted proxy IP addresses. * * Both IPv4 and IPv6 addresses are * supported, along with CIDR notation. * * The "*" character is syntactic sugar * within TrustedProxy to trust any proxy; * a requirement when you cannot know the address * of your proxy (e.g. if using Rackspace balancers). */ 'proxies' => [ '192.168.1.10', ], /* * Default Header Names * * Change these if the proxy does * not send the default header names. * * Note that headers such as X-Forwarded-For * are transformed to HTTP_X_FORWARDED_FOR format. * * The following are Symfony defaults, found in * \Symfony\Component\HttpFoundation\Request::$trustedHeaders */ 'headers' => [ \Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR', \Illuminate\Http\Request::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST', \Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO', \Illuminate\Http\Request::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT', ] ];
In this example, we tell SupportPal to "trust" a proxy with IP address
192.168.1.10. If you use multiple IP addresses, these can be specified using a comma delimited list:
'192.168.1.10', '192.168.1.11', '192.168.1.12'
Alternatively, if you're using a cloud-based service the IP address is typically dynamic. To "trust" any IP address:
<?php return [ 'proxies' => '*', ];
Changing the default X-FORWARDED-* headers
The default headers are configured under the '
headers' element on the configuration file. If your proxy sends different headers, the defaults can be changed. For example, HAProxy may send an
X-FORWARD-SCHEME header rather than the
<?php return [ 'headers' => [ Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_SCHEME', ] ];
IN_THIS_FORMAT, while we set the headers
In-This-Format. This is normalised under-the-hood.