This project is not covered by Drupal’s security advisory policy.
This is a developer / utility module to help with configuring and debugging Trusted Proxy Headers.
Initially it has a very no-frills UI.
It produces a report which shows what Reverse / Trusted Proxy configuration has been found in settings, along with the Trusted Headers which Drupal passes through to Symfony's Request handling code, and some of the properties of the Request which Symfony/Drupal derived using the current settings.
This might help set up - for example - proper detection of Client IPs for sites running behind proxies.
See:
- \Drupal\Core\StackMiddleware\ReverseProxyMiddleware::setSettingsOnRequest
- \Symfony\Component\HttpFoundation\Request::setTrustedProxies
By default the report at admin/reports/status/trusted_proxy_headers_debug is only accessible to users with the 'administer site configuration' permission.
It's possible to override this restriction with the following setting:
D8/9(/10?):
$settings['trusted_proxy_headers_debug_free_access'] = TRUE;
D7:
$conf['trusted_proxy_headers_debug_free_access'] = TRUE;
For D7 you could alternatively set the variable using drush, e.g.:
$ drush vset trusted_proxy_headers_debug_free_access 1
Be careful doing so :)
This is a basic tool with lots of room for improvement.
Project information
Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed.- Maintenance fixes only
Considered feature-complete by its maintainers. - Project categories: Developer tools, Security
201 sites report using this module- Created by mcdruid on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
Releases
Development version: 8.x-0.x-dev updated 1 Feb 2024 at 14:12 UTC
