Contributed by
Dmitrii Chekaliuk
in #7735.

Whenever an application is behind some reverse proxies, you need to configure it properly to get the "real" IP address for the client and some other important information about the request.

Configuring the trusted proxies can be done easily from the front controller:

        1
        Request::setTrustedProxies(array('1.2.3.4'));
    

Or via the configuration (as of 2.3):

        1
2
        framework:
    trusted_proxies: ['1.2.3.4']
    

The setTrustedProxies() method works with IPv4 and IPv6 addresses, and as of Symfony 2.3, it also supports the CIDR notation, which is really useful when you have one or more reverse proxies with dynamic IP addresses (like for instance the Elastic Load Balancers of Amazon EC2). And of course, you can mix-and-match all notations in one call:

        1
        Request::setTrustedProxies(array('192.0.0.1', '10.0.0.0/8', 'fc00::/7'));
    

That might seem like a small addition, but one that is really useful when managing big websites.

Published in #Living on the edge

New in Symfony 2.3: Use Sub-Networks to configure Trusted Proxies

Comments

Become a Symfony contributor