New Private Subnets Shortcut for Trusted Proxies
If your Symfony application works behind a load balancer or reverse proxy (AWS Elastic Load Balancing, Varnish, etc.), you need to tell Symfony which reverse proxy IP addresses to trust. If the IP of the reverse proxy changes constantly, you must configure a range of IPs to trust.
In Symfony 7.2, we're adding PRIVATE_SUBNETS
as a shortcut for the value of
the constant IpUtils::PRIVATE_SUBNETS
, so your configuration is easier to
read and maintain:
1 2 3
# config/packages/framework.yaml
framework:
trusted_proxies: '127.0.0.1,PRIVATE_SUBNETS'
Configure Trusted Proxies with Environment Variables
The trusted proxies configuration is currently done in configuration files (YAML, XML, or PHP format) like this:
1 2 3 4 5 6 7
# config/packages/framework.yaml
framework:
# ...
trusted_proxies: '192.0.0.1,10.0.0.0/8'
trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix']
trusted_hosts: ['...']
trust_x_sendfile_type_header: true
In Symfony 7.2 we're simplifying this thanks to new environment variables. Instead of configuring the previous file, you can now set the trusted proxies configuration in these env vars:
SYMFONY_TRUST_X_SENDFILE_TYPE_HEADER
SYMFONY_TRUSTED_HEADERS
SYMFONY_TRUSTED_HOSTS
SYMFONY_TRUSTED_PROXIES