@@ -76,4 +76,22 @@ That's it! It's critical that you prevent traffic from all non-trusted sources.
7676If you allow outside traffic, they could "spoof" their true IP address and
7777other information.
7878
79+ Custom Headers When Using a Reverse Proxy
80+ -----------------------------------------
81+
82+ Some reverse proxies (like `CloudFront `_ with ``CloudFront-Forwarded-Proto ``) may force you to use a custom header.
83+ For instance you have ``Custom-Forwarded-Proto `` instead of ``X-Forwarded-Proto ``.
84+
85+ In this case, you'll need to set the header ``X-Forwarded-Proto `` with the value of
86+ ``Custom-Forwarded-Proto `` early enough in your application, i.e. before handling the request::
87+
88+ // public/index.php
89+
90+ // ...
91+ $_SERVER['HEADER_X_FORWARDED_PROTO'] = $_SERVER['HEADER_CUSTOM_FORWARDED_PROTO'];
92+ // ...
93+ $response = $kernel->handle($request);
94+
7995.. _`security groups` :http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html
96+ .. _`RFC 7239` :http://tools.ietf.org/html/rfc7239
97+ .. _`CloudFront` :https://en.wikipedia.org/wiki/Amazon_CloudFront