Mojolicious::Plugin::ForwardedFor - Retrieve the remote address from X-Forwarded-For
use Mojolicious::Lite; plugin ForwardedFor => {levels => 2}; # number of reverse proxies you control any '/' => sub { my $c = shift; $c->render(json => {remote_addr => $c->forwarded_for}); }; app->start;
Mojolicious supports deployment via a reverse proxy setup by specifying the proxy configuration option for Hypnotoad, or the MOJO_REVERSE_PROXY environment variable. However, "remote_address" in Mojo::Transaction will in this case only return the most recent address from the X-Forwarded-For header, as it cannot automatically determine how many remote addresses correspond to proxies.
MOJO_REVERSE_PROXY
X-Forwarded-For
Mojolicious::Plugin::ForwardedFor can be configured with the number of reverse proxy "levels" that you control, and provides a "forwarded_for" helper method that will return the remote address at that level. It is important to set "levels" no higher than the number of proxies that will have appended addresses to the X-Forwarded-For header, as the original requests can pass anything as the initial value of the header, and thus spoof additional proxy levels.
Since Mojolicious 8.72, you can configure "trusted_proxies" in Mojo::Server::Hypnotoad as a more reliable alternative to the baseline reverse proxy configuration, affecting "remote_address" in Mojo::Transaction directly without need of this plugin.
Mojolicious::Plugin::ForwardedFor implements the following helpers.
my $remote_addr = $c->forwarded_for;
Returns the least recently appended remote address from the X-Forwarded-For header, while skipping no more than the configured number of reverse proxy "levels". Returns the originating address of the current request if configured for 0 reverse proxy levels, or if no addresses have been appended to the header.
Mojolicious::Plugin::ForwardedFor inherits all methods from Mojolicious::Plugin and implements the following new ones.
$plugin->register(Mojolicious->new); $plugin->register(Mojolicious->new, {levels => 1});
Register helper in Mojolicious application. Takes the following options:
Number of remote proxy levels to allow for when parsing X-Forwarded-For. Defaults to the value of the MOJO_REVERSE_PROXY environment variable, or 1.
Report any issues on the public bugtracker.
Dan Book <dbook@cpan.org>
This software is Copyright (c) 2018 by Dan Book.
This is free software, licensed under:
The Artistic License 2.0 (GPL Compatible)
Mojo::Transaction, Mojolicious::Guides::Cookbook
To install Mojolicious::Plugin::ForwardedFor, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Mojolicious::Plugin::ForwardedFor
CPAN shell
perl -MCPAN -e shell install Mojolicious::Plugin::ForwardedFor
For more information on module installation, please visit the detailed CPAN module installation guide.