builder {
+ # use proxy headers for client IP address
+ enable sub {
+ my ( $app, $env ) = @_;
+ return sub {
+ my $env = shift;
+ my $client_ip = $env->{HTTP_X_REAL_IP} || $env->{HTTP_X_FORWARDED_FOR};
+ if ( $client_ip ) {
+ my $proxy_ip = $env->{REMOTE_ADDR};
+ die "request not from authorized proxy $proxy_ip" if $proxy_ip !~ /\Q127.0.0.1\E$/;
+ warn "# rewrite $proxy_ip -> $client_ip\n";
+ $env->{REMOTE_ADDR} = $client_ip;
+ }
+
+ $app->( $env );
+ }
+ };
+
enable "Plack::Middleware::ServerStatus::Lite",
path => '/server-status',
# allow => [ '127.0.0.1', '10.60.0.0/16', '193.198.0.0/16', '0.0.0.0/32' ], # FIXME doesn't work for IPv6