New in Symfony 7.2: Simpler Trusted Proxies Configuration

November 12, 2024 Published by Avatar of Javier Eguiluz Javier Eguiluz

Symfony 7.2 is backed by:

Sulu is the CMS for Symfony developers. It provides pre-built content-management features while giving developers the freedom to build, deploy, and maintain custom solutions using full-stack Symfony. Sulu is ideal for creating complex websites, integrating external tools, and building custom-built solutions.
At Rector, we help successful and growing companies to get the most of the code they already have. Including upgrading to the latest Symfony LTS. We deliver automated refactoring, reduce maintenance costs, speed up feature delivery, and transform legacy code into a strategic asset. Let us handle the dirty work, so you can focus on the features.

New Private Subnets Shortcut for Trusted Proxies

Nicolas Grekas
Contributed by Nicolas Grekas in #58154

If your Symfony application works behind a load balancer or reverse proxy (AWS Elastic Load Balancing, Varnish, etc.), you need to tell Symfony which reverse proxy IP addresses to trust. If the IP of the reverse proxy changes constantly, you must configure a range of IPs to trust.

In Symfony 7.2, we're adding PRIVATE_SUBNETS as a shortcut for the value of the constant IpUtils::PRIVATE_SUBNETS, so your configuration is easier to read and maintain:

1
2
3
# config/packages/framework.yaml
framework:
    trusted_proxies: '127.0.0.1,PRIVATE_SUBNETS'

Configure Trusted Proxies with Environment Variables

Nicolas Grekas
Contributed by Nicolas Grekas in #58161

The trusted proxies configuration is currently done in configuration files (YAML, XML, or PHP format) like this:

1
2
3
4
5
6
7
# config/packages/framework.yaml
framework:
    # ...
    trusted_proxies: '192.0.0.1,10.0.0.0/8'
    trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix']
    trusted_hosts: ['...']
    trust_x_sendfile_type_header: true

In Symfony 7.2 we're simplifying this thanks to new environment variables. Instead of configuring the previous file, you can now set the trusted proxies configuration in these env vars:

  • SYMFONY_TRUST_X_SENDFILE_TYPE_HEADER
  • SYMFONY_TRUSTED_HEADERS
  • SYMFONY_TRUSTED_HOSTS
  • SYMFONY_TRUSTED_PROXIES
Published in #Living on the edge

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Comments

Login with SymfonyConnect to comment