Skip to content
ALTCHA ALTCHA ALTCHA

Reverse Proxy Configuration

In production environments, ALTCHA Sentinel is typically deployed behind a reverse proxy, CDN, API gateway, or load balancer such as nginx or Cloudflare.

To ensure accurate client identification, device detection, and request analysis, the proxy should forward the original client IP address and relevant HTTP headers.

Forwarding Client IP Addresses

ALTCHA Sentinel supports the standard X-Forwarded-For header for determining the originating client IP address.

For additional security, configure the X_FORWARDED_FOR_TRUSTED environment variable to specify trusted proxy IP addresses. Requests containing X-Forwarded-For values from untrusted sources will be ignored.

Forwarding HTTP Headers

To maximize detection accuracy and preserve client metadata, forward all client request headers whenever possible.

At a minimum, ensure the following headers are preserved:

  • Accept
  • Accept-Language
  • Sec-CH-UA
  • Sec-CH-UA-Mobile
  • Sec-CH-UA-Platform
  • User-Agent

These headers are commonly used for browser, platform, and device information.