docs: document proxy_ip_parser trusted_headers#76
Conversation
Document the new http.trusted_headers option: an ordered allowlist of headers used to resolve the client IP (first non-empty match wins), the default order when unset, and custom-header support.
|
Warning Review limit reached
More reviews will be available in 43 minutes and 25 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Updates the Proxy IP parser middleware documentation to describe how the client IP is resolved from proxy headers when requests come from trusted subnets, including the new trusted_headers configuration and its default behavior.
Changes:
- Rewrites the intro/description to explain trusted-subnet gating and “first non-empty header wins” behavior.
- Documents the default header precedence order used for client IP resolution.
- Adds a new “Trusted headers” section with configuration example and parsing notes (RFC 7239 /
X-Forwarded-For).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| This middleware resolves the real client IP from proxy headers when a request arrives | ||
| through a trusted subnet. By default it consults, in order: `Forwarded`, `X-Forwarded-For`, | ||
| `X-Real-IP`, `True-Client-IP`, and `CF-Connecting-IP`. The set and order of headers can be | ||
| customized with `trusted_headers`. |
| For example, to trust only `X-Real-IP` and Cloudflare's `CF-Connecting-IP` while ignoring | ||
| `X-Forwarded-*`: |
Documents the new
http.trusted_headersoption for the proxy_ip_parser middleware: an ordered allowlist of headers used to resolve the client IP (first non-empty match wins), the default order used when unset, and custom-header support.Companion to roadrunner-server/proxy_ip_parser#120 (roadrunner-server/roadrunner#1515).