User IP proxy headers {#if !isEnabled && healthData.possibleProxyHeader} {:else if isEnabled && !hasChanges && !formSettings.trustedProxy.headers.includes(healthData.possibleProxyHeader)} {/if}
{#if isEnabled} Enabled {:else} Disabled {/if} {#if hasErrors} {/if}
Resolved user IP: {healthData.realIP || "N/A"}

Detected proxy header: {healthData.possibleProxyHeader || "N/A"}

When PocketBase is deployed on platforms like Fly, or when it is accessible through proxies such as NGINX, requests from different users will originate from the same IP address (the IP of the proxy connecting to your PocketBase app).

In this case, to retrieve the actual user IP (used for rate limiting, logging, etc.), you need to properly configure your proxy and list below the trusted headers that PocketBase could use to extract the user IP.

When using such a proxy, to avoid spoofing it is recommended to:

  • use headers that are controlled only by the proxy and cannot be manually set by the users
  • make sure that the PocketBase server can be accessed only through the proxy

You can clear the headers field if PocketBase is not deployed behind a proxy.
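The Go sketch below is an added example, not PocketBase's own code. It shows why both recommendations matter: a header value is only honored when the request arrives from the proxy, and an empty header list falls back to the socket peer. The names `resolveUserIP`, `newReq` and the `proxyIP` peer check are hypothetical, the addresses are constructed, and a single proxy that appends the peer address to `X-Forwarded-For` is assumed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// resolveUserIP returns the client IP for r. Headers in trusted are consulted
// only when the direct peer is proxyIP (hypothetical extra check); an empty
// trusted list means "not behind a proxy" and always yields the socket peer.
func resolveUserIP(r *http.Request, trusted []string, proxyIP string) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	if peer != proxyIP {
		return peer // direct connection: any header value is user-controlled
	}
	for _, name := range trusted {
		// For list headers, take the last entry: it is the one appended by
		// our proxy, while earlier entries may have been sent by the client.
		parts := strings.Split(r.Header.Get(name), ",")
		candidate := strings.TrimSpace(parts[len(parts)-1])
		if ip := net.ParseIP(candidate); ip != nil {
			return ip.String()
		}
	}
	return peer
}

// newReq builds a constructed request as the app server would see it.
func newReq(remoteAddr, xff string) *http.Request {
	return &http.Request{RemoteAddr: remoteAddr, Header: http.Header{"X-Forwarded-For": {xff}}}
}

func main() {
	trusted := []string{"X-Forwarded-For"}
	// Via the proxy: the client sent "1.2.3.4", the proxy appended the real peer.
	viaProxy := newReq("10.0.0.2:41000", "1.2.3.4, 203.0.113.7")
	// Direct request that bypasses the proxy and carries a client-set header.
	direct := newReq("198.51.100.9:5555", "1.2.3.4")
	fmt.Println(resolveUserIP(viaProxy, trusted, "10.0.0.2")) // 203.0.113.7
	fmt.Println(resolveUserIP(direct, trusted, "10.0.0.2"))   // 198.51.100.9
	fmt.Println(resolveUserIP(viaProxy, nil, "10.0.0.2"))     // 10.0.0.2
}
```

Without the peer check, the second request would resolve to the client-chosen `1.2.3.4`, which is why the server should be reachable only through the proxy.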

Comma separated list of headers such as: {#each suggestedProxyHeaders as header}   {/each}