Version: 7.0

Overview

Trusted proxies are used to correctly determine the client’s IP address when the request goes through TLS terminators, load balancers, or gateways. In typical deployments—where the backend is behind a single frontend and not directly accessible—the application works correctly without any additional configuration. However, some environments require explicit proxy configuration, such as compliance scenarios, enhanced brute-force protection, or multi-layer proxy setups.

Defaults

  • Passwork trusts all REMOTE_ADDR values when determining the client’s IP address;
  • The IP address is extracted from one of the default headers, if at least one of them is present;
  • Access to the backend is not restricted until at least one address is defined in TRUSTED_PROXIES.

CLIENT_IP_SOURCES

CLIENT_IP_SOURCES allows you to explicitly define the list of headers from which the client’s IP address will be extracted.

Details:

  • You can specify headers or the REMOTE_ADDR server variable;
  • Every specified header must start with the HTTP_ prefix;
  • If one or more values are set, only the specified headers will be used;
  • Multiple headers can be provided as a comma-separated list;
  • The headers are processed in the order they are listed — from first to last;
  • If the variable is not set, the default list of headers is used. You can view it by running php bin/console app:env:report.

Example:

CLIENT_IP_SOURCES=HTTP_X-Forwarded-For,HTTP_X-Real-IP

TRUSTED_PROXIES

TRUSTED_PROXIES defines a list of trusted proxy servers. Specify the IP addresses or CIDR ranges of the proxies as the application sees them in REMOTE_ADDR, that is, the address of the last node before the application (for example, a load balancer or ingress controller).

Format:

TRUSTED_PROXIES=192.168.1.10,10.0.0.0/16

Details:

  • Values can be individual IPs or CIDR ranges;
  • Multiple entries are allowed, separated by commas;
  • If the format is incorrect, the application will return a configuration error;
  • If TRUSTED_PROXIES is not set, requests are not blocked.
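
Since access to the backend is not restricted until TRUSTED_PROXIES is defined, it helps to check both variables against the rules above before setting them. The script below is an added example, not part of Passwork; the function names and the last-hop addresses are assumptions made for illustration.

```python
import ipaddress

def parse_trusted_proxies(value):
    """Parse a TRUSTED_PROXIES value into networks; ValueError on a bad entry."""
    networks = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            raise ValueError("empty entry in TRUSTED_PROXIES")
        # A bare IP becomes a /32 (or /128); strict=False is this script's choice
        # and tolerates host bits in a CIDR such as 10.0.1.0/16.
        networks.append(ipaddress.ip_network(entry, strict=False))
    return networks

def check_client_ip_sources(value):
    """Return the sources in listed order; ValueError if one breaks the naming rule."""
    sources = [s.strip() for s in value.split(",")]
    for name in sources:
        if name != "REMOTE_ADDR" and not (name.startswith("HTTP_") and len(name) > 5):
            raise ValueError(f"{name!r} must be REMOTE_ADDR or start with HTTP_")
    return sources

def uncovered_hops(last_hop_addrs, networks):
    """Last-hop addresses (seen by the app as REMOTE_ADDR) that no entry covers."""
    return [a for a in last_hop_addrs
            if not any(ipaddress.ip_address(a) in n for n in networks)]

if __name__ == "__main__":
    # Values from the examples above; the last-hop addresses are constructed.
    nets = parse_trusted_proxies("192.168.1.10,10.0.0.0/16")
    print("sources:", check_client_ip_sources("HTTP_X-Forwarded-For,HTTP_X-Real-IP"))
    hops = ["192.168.1.10", "10.0.3.7", "172.16.0.5"]
    print("not covered by TRUSTED_PROXIES:", uncovered_hops(hops, nets))
```

Any address reported as not covered is a frontend whose requests would arrive with a REMOTE_ADDR outside the trusted list.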