Configuring a Trusted Proxy

If your web servers sit behind a load balancer, HTTP cache, or other intermediary (reverse) proxy, SupportPal requires some additional configuration. For security reasons, the software must be informed of which proxies to "trust" before it will attempt to read the X-FORWARDED-* headers.

Proxy Configuration

By default, SupportPal expects the following headers to be sent from the proxy. If your proxy sends slightly different headers, the configuration file can be adjusted to suit your requirements (more details further down).

| Header | Description |
|---|---|
| X-Forwarded-For | The IP address of the client. |
| X-Forwarded-Host | The hostname used to access the site in the browser. |
| X-Forwarded-Proto | The scheme/protocol (http/https) used by the client. |
| X-Forwarded-Port | The port used by the client (typically 80 or 443). |

Example nginx Configuration

If you're using nginx as a reverse proxy, the following example configuration forwards the headers:


    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;

Configuration

Create a new file /config/production/trustedproxy.php:

    <?php

    return [

        /*
         * Set trusted proxy IP addresses.
         *
         * Both IPv4 and IPv6 addresses are
         * supported, along with CIDR notation.
         */
        'proxies' => [
            '192.168.1.10',
        ],

        /*
         * Which headers to use to detect proxy related data (For, Host, Proto, Port)
         *
         * Options include:
         *
         * - Illuminate\Http\Request::HEADER_X_FORWARDED_ALL (use all x-forwarded-* headers to establish trust)
         * - Illuminate\Http\Request::HEADER_FORWARDED (use the FORWARDED header to establish trust)
         * - Illuminate\Http\Request::HEADER_X_FORWARDED_AWS_ELB (If you are using AWS Elastic Load Balancer)
         *
         * - 'HEADER_X_FORWARDED_ALL' (use all x-forwarded-* headers to establish trust)
         * - 'HEADER_FORWARDED' (use the FORWARDED header to establish trust)
         * - 'HEADER_X_FORWARDED_AWS_ELB' (If you are using AWS Elastic Load Balancer)
         *
         * @link https://symfony.com/doc/current/deployment/proxies.html
         */
        'headers' => Illuminate\Http\Request::HEADER_X_FORWARDED_ALL,
    ];

In this example, we tell SupportPal to "trust" a proxy with IP address 192.168.1.10.

Alternatively, if you're using a cloud-based service, the proxy's IP address is typically dynamic. To "trust" any IP address:


    <?php

    return [

        'proxies' => ['0.0.0.0/0', '2000:0:0:0:0:0:0:0/3'],

    ];
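
The effect of the two `proxies` settings above on which address ends up being treated as the client, as an added Python example (not SupportPal or Laravel code). It is a simplified model of how a trusted-proxy list is applied to X-Forwarded-For; the function names and the sample requests are constructed for illustration.

```python
import ipaddress

STRICT = ["192.168.1.10"]                           # first config on this page
TRUST_ANY = ["0.0.0.0/0", "2000:0:0:0:0:0:0:0/3"]   # "trust any" config


def is_trusted(ip, trusted):
    """True if ip is inside any trusted address or CIDR range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(t, strict=False) for t in trusted)


def valid_ips(header):
    """Split an X-Forwarded-For value and drop entries that are not IPs."""
    out = []
    for hop in (h.strip() for h in (header or "").split(",")):
        try:
            ipaddress.ip_address(hop)
            out.append(hop)
        except ValueError:
            pass
    return out


def resolve_client_ip(remote_addr, x_forwarded_for, trusted):
    """Model: pick the client IP the application would log and act on."""
    chain = valid_ips(x_forwarded_for)
    # The header only counts when the directly connected peer is trusted.
    if not chain or not is_trusted(remote_addr, trusted):
        return remote_addr
    # Walk from the hop nearest the server; first untrusted hop is the client.
    for hop in reversed(chain):
        if not is_trusted(hop, trusted):
            return hop
    return chain[0]  # every hop trusted: fall back to the leftmost entry


# Constructed requests (documentation-range addresses).
# nginx appended the real peer 203.0.113.7 to a client-supplied value.
VIA_PROXY = ("192.168.1.10", "198.51.100.99, 203.0.113.7")
# Same client connecting straight to the web server, bypassing the proxy.
DIRECT = ("203.0.113.7", "198.51.100.99")

if __name__ == "__main__":
    for name, trusted in (("strict", STRICT), ("trust-any", TRUST_ANY)):
        for label, req in (("via proxy", VIA_PROXY), ("direct", DIRECT)):
            print(f"{name:9} {label:9} -> {resolve_client_ip(*req, trusted)}")
```

With the trust-any list, the resolved address is whatever the leftmost header entry says, so that setting relies on the web server accepting connections only from the proxy (for example via a firewall or security-group rule).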