trustProxies at: '*' Not trusting all proxies as documented [AWS ALB]. #57667

@DanielBetancourt1

Laravel Version

11.46

PHP Version

8.4

Database Driver & Version

No response

Description

I have a Laravel app behind an AWS Application Load Balancer. Also, my app is using Laravel Octane and FrankenPHP with Caddy as a web server.

In Caddy, I have configured the proxies to pass the X-Forwarded-* headers to the Laravel code.
I have checked this by returning the headers of a request, and then the forwarded headers are present.

Test 1:

return request()->header();

Returns the X-Forwarded-* headers (among other headers):

{ "host": ["mydomain.com"], "x-forwarded-for": ["200.123.123.123"], "x-forwarded-port": ["443"], "x-forwarded-proto": ["https"] }

BUT... even with the x-forwarded-* headers present and correct, the Laravel configuration isn't capable of trusting this proxy.

return request()->ips();

Returns an array containing only an IP address that corresponds to one IP address assigned by the ALB within the VPC.

[172.10.0.1]

My initial configuration looks like:

$middleware->trustProxies(at: '*', headers: Request::HEADER_X_FORWARDED_AWS_ELB);

But since it doesn't work, I've changed the "at:" argument to: '**', '0.0.0.0/0', '172.10.0.0/16'. But I'm still unable to get this proxy trusted.

Notes:

  1. After each config change, I run php artisan optimize:clear to clear config cache.
  2. AWS doesn't add the X-Forwarded-Host, but I can't find any special instructions related to this when configuring an ALB proxy, other than the instruction to set the Request::HEADER_X_FORWARDED_AWS_ELB as the trusted headers.

Steps To Reproduce

Not reproducible by code.
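
A temporary diagnostic route for the situation described in the issue, added here as an example and not part of the original report or of Laravel's own code. It returns the trusted-proxy state held by Symfony's Request class when the request reaches the application, next to the inputs that ips() is computed from. The route path /_proxy-debug is a hypothetical name.

```php
<?php
// routes/web.php (added example; remove the route once the check is done,
// since it exposes internal addresses). The path '/_proxy-debug' is hypothetical.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::get('/_proxy-debug', function (Request $request) {
    // Static state on Symfony's Request, set by whatever called setTrustedProxies().
    $trusted   = Request::getTrustedProxies();
    $headerSet = Request::getTrustedHeaderSet();
    $expected  = Request::HEADER_X_FORWARDED_AWS_ELB; // value configured in the issue

    // True only when REMOTE_ADDR matches an entry in the trusted list.
    // When false, getClientIps() returns [REMOTE_ADDR] and ignores X-Forwarded-For.
    $fromTrusted = $request->isFromTrustedProxy();

    if ($trusted === []) {
        $reading = 'No trusted proxies are set for this request; the trustProxies '
                 . 'configuration was not applied before the route ran.';
    } elseif (! $fromTrusted) {
        $reading = 'REMOTE_ADDR is not covered by the trusted list; '
                 . 'forwarded headers are ignored.';
    } elseif ($headerSet !== $expected) {
        $reading = 'The peer is trusted but the trusted header set differs '
                 . 'from HEADER_X_FORWARDED_AWS_ELB.';
    } else {
        $reading = 'Peer and header set are trusted; client_ips should be '
                 . 'derived from X-Forwarded-For.';
    }

    return response()->json([
        'remote_addr'         => $request->server->get('REMOTE_ADDR'),
        'trusted_proxies'     => $trusted,
        'from_trusted_proxy'  => $fromTrusted,
        'trusted_header_set'  => $headerSet,
        'expected_header_set' => $expected,
        'raw_x_forwarded_for' => $request->headers->get('X-Forwarded-For'),
        'client_ips'          => $request->getClientIps(),
        'reading'             => $reading,
    ]);
});
```

Calling the route through the load balancer and comparing remote_addr with trusted_proxies shows whether the address Caddy hands to PHP is the one being trusted.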
