| PackageDescription | Mojolicious supports deployment via a reverse proxy setup by specifying the
proxy configuration option for Hypnotoad, or the 'MOJO_REVERSE_PROXY'
environment variable. However, Mojo::Transaction/"remote_address" will in
this case only return the most recent address from the 'X-Forwarded-For'
header, as it cannot automatically determine how many remote addresses
correspond to proxies.
Mojolicious::Plugin::ForwardedFor can be configured with the number of
reverse proxy "levels" that you control, and provides a "forwarded_for"
helper method that will return the remote address at that level. It is
important to set "levels" no higher than the number of proxies that will
have appended addresses to the 'X-Forwarded-For' header, as the original
requests can pass anything as the initial value of the header, and thus
spoof additional proxy levels.
Since Mojolicious 8.72, you can configure
Mojo::Server::Hypnotoad/"trusted_proxies" as a more reliable alternative to
the baseline reverse proxy configuration, affecting
Mojo::Transaction/"remote_address" directly without need of this plugin. |