From 80268a408b981254bbf2bd318aaade9a21a281ef Mon Sep 17 00:00:00 2001
From: Armin Ronacher <armin.ronacher@active-4.com>
Date: Tue, 20 Jul 2010 15:05:10 +0100
Subject: [PATCH] Documented proxy fix

---
 docs/conf.py              |  1 +
 docs/deploying/others.rst | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/docs/conf.py b/docs/conf.py
index 50eb8f90..601edc0a 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -246,6 +246,7 @@ intersphinx_mapping = {
     'http://werkzeug.pocoo.org/documentation/dev/': None,
     'http://www.sqlalchemy.org/docs/': None,
     'http://wtforms.simplecodes.com/docs/0.5/': None,
+    # TODO: push to 1.1
     'http://discorporate.us/projects/Blinker/docs/1.0/': None
 }
 
diff --git a/docs/deploying/others.rst b/docs/deploying/others.rst
index 1ec94be4..793a4bed 100644
--- a/docs/deploying/others.rst
+++ b/docs/deploying/others.rst
@@ -61,3 +61,38 @@ and `greenlet`_. Running a Flask application on this server is quite simple::
 .. _eventlet: http://eventlet.net/
 .. _greenlet: http://codespeak.net/py/0.9.2/greenlet.html
 
+
+Proxy Setups
+------------
+
+If you deploy your application behind an HTTP proxy you will need to
+rewrite a few headers in order for the application to work.  The two
+problematic values in the WSGI environment usually are `REMOTE_ADDR` and
+`HTTP_HOST`.  Werkzeug ships a fixer that will solve some common setups,
+but you might want to write your own WSGI middlware for specific setups.
+
+The most common setup invokes the host being set from `X-Forwarded-Host`
+and the remote address from `X-Forwared-For`::
+
+    from werkzeug.contrib.fixers import ProxyFix
+    app.wsgi_app = ProxyFix(app.wsgi_app)
+
+Please keep in mind that it is a security issue to use such a middleware
+in a non-proxy setup because it will blindly trust the incoming
+headers which might be forged by malicious clients.
+
+If you want to rewrite the headers from another header, you might want to
+use a fixer like this::
+
+    class CustomProxyFix(object):
+
+        def __init__(self, app):
+            self.app = app
+
+        def __call__(self, environ, start_response):
+            host = environ.get('HTTP_X_FHOST', '')
+            if host:
+                environ['HTTP_HOST'] = host
+            return self.app(environ, start_response)
+
+    app.wsgi_app = CustomProxyFix(app.wsgi_app)