gitmyhub

TrustedProxy

PHP ★ 7.3k updated 2y ago

Laravel Proxy Package for handling sessions when behind load balancers or other intermediaries.

PHP package for Laravel that makes your app correctly identify real visitor IPs and protocols when running behind a load balancer or reverse proxy like AWS ELB or Cloudflare.

PHP | Laravel | setup: easy | complexity 2/5

This is a PHP package for the Laravel web framework that solves a specific problem with applications deployed behind load balancers or reverse proxies. When a web server sits behind an intermediary such as a cloud load balancer or a CDN, the server only sees the intermediary's IP address and connection details, not the original visitor's. This causes problems with URL generation, redirects, and logging because the application thinks users are connecting from the proxy's address rather than their actual one.

Modern web setups handle this by having the proxy add special HTTP headers to each request, such as X-Forwarded-For (the real visitor's IP address) and X-Forwarded-Proto (whether the original request used http or https). The catch is that Laravel only reads those headers if the proxy sending them is listed as trusted. Otherwise, any external party could set those headers and manipulate what the application believes about where a request came from.

This package provides a simpler way to configure which proxies are trusted. You list the IP addresses of your load balancers or proxy servers, and Laravel will then correctly read the forwarded headers from those sources. For hosted services like AWS where the proxy's IP address is not known in advance, you can choose to trust all proxies, though the README notes that this comes with a security trade-off.
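The trust decision described above, as an added sketch in Python rather than the package's or Laravel's own PHP code: the forwarded header is honoured only when the direct peer is a listed proxy, and the chain is read from the nearest hop outward. The function name, the fallback on unparseable entries, the use of `0.0.0.0/0` as a stand-in for "trust all proxies", and all addresses are assumptions constructed for illustration.

```python
import ipaddress


def _in_any(addr, networks):
    # Membership across mixed IPv4/IPv6 networks is simply False, not an error.
    return any(addr in net for net in networks)


def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address the application should treat as the visitor.

    peer_ip         -- address of the direct TCP peer
    xff_header      -- raw X-Forwarded-For value, or None
    trusted_proxies -- IPs or CIDR ranges of your own load balancers
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]
    peer = ipaddress.ip_address(peer_ip)
    # Anyone can send the header, so it counts only when a trusted proxy relayed it.
    if not xff_header or not _in_any(peer, nets):
        return str(peer)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    if not hops:
        return str(peer)
    # Each proxy appends the address it saw, so the rightmost entries are the
    # ones written by our own infrastructure. Stop at the first untrusted hop.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # assumption: malformed chain, fall back to the peer
        if not _in_any(addr, nets):
            return str(addr)
    return hops[0]  # every hop was a trusted proxy


if __name__ == "__main__":
    lb = ["10.0.0.0/8"]  # constructed load balancer range
    # Direct request carrying a forged header: header ignored.
    print(resolve_client_ip("203.0.113.50", "127.0.0.1", lb))
    # Same forged value prepended, but relayed by the load balancer.
    print(resolve_client_ip("10.0.1.5", "127.0.0.1, 198.51.100.7", lb))
    # Trusting every address: the forged value is accepted.
    print(resolve_client_ip("203.0.113.50", "127.0.0.1", ["0.0.0.0/0"]))
```

The last call shows the trade-off of trusting all proxies: with no untrusted hop to stop at, the client-supplied value is what the application sees.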

As of Laravel 5.5, this functionality was incorporated directly into the framework itself, so the package is only needed for older versions. For Laravel 9 and above, a different built-in approach replaced it, and the README links to the upgrade documentation.

Where it fits