New Private Subnets Shortcut for Trusted Proxies

Contributed by Nicolas Grekas in #58154

If your Symfony application works behind a load balancer or reverse proxy (AWS Elastic Load Balancing, Varnish, etc.), you need to tell Symfony which reverse proxy IP addresses to trust. If the IP of the reverse proxy changes constantly, you must configure a range of IPs to trust.

In Symfony 7.2, we're adding PRIVATE_SUBNETS as a shortcut for the value of the constant IpUtils::PRIVATE_SUBNETS, so your configuration is easier to read and maintain:

        1
2
3
        # config/packages/framework.yaml
framework:
    trusted_proxies: '127.0.0.1,PRIVATE_SUBNETS'
    

Configure Trusted Proxies with Environment Variables

Contributed by Nicolas Grekas in #58161

The trusted proxies configuration is currently done in configuration files (YAML, XML, or PHP format) like this:

        1
2
3
4
5
6
7
        # config/packages/framework.yaml
framework:
    # ...
    trusted_proxies: '192.0.0.1,10.0.0.0/8'
    trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix']
    trusted_hosts: ['...']
    trust_x_sendfile_type_header: true
    

In Symfony 7.2 we're simplifying this thanks to new environment variables. Instead of configuring the previous file, you can now set the trusted proxies configuration in these env vars:

SYMFONY_TRUST_X_SENDFILE_TYPE_HEADER
SYMFONY_TRUSTED_HEADERS
SYMFONY_TRUSTED_HOSTS
SYMFONY_TRUSTED_PROXIES

Published in #Living on the edge

New in Symfony 7.2: Simpler Trusted Proxies Configuration

New Private Subnets Shortcut for Trusted Proxies

Configure Trusted Proxies with Environment Variables

Comments

Become a Symfony contributor