From ed876afea26130915acd7395a0ae9bf8b3828549 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Wed, 18 Jan 2017 11:01:35 +0100 Subject: [PATCH 1/2] Added a minor help note about Request::setTrustedProxies --- components/http_foundation/trusting_proxies.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/http_foundation/trusting_proxies.rst b/components/http_foundation/trusting_proxies.rst index 461d6ddac57..d81dac2559d 100644 --- a/components/http_foundation/trusting_proxies.rst +++ b/components/http_foundation/trusting_proxies.rst @@ -17,7 +17,7 @@ the actual host may be stored in an ``X-Forwarded-Host`` header. Since HTTP headers can be spoofed, Symfony does *not* trust these proxy headers by default. If you are behind a proxy, you should manually whitelist -your proxy. +your proxy as follows: .. versionadded:: 2.3 CIDR notation support was introduced in Symfony 2.3, so you can whitelist whole @@ -27,7 +27,8 @@ your proxy. use Symfony\Component\HttpFoundation\Request; - // only trust proxy headers coming from this IP addresses + // put this code as early as possible in your application (e.g. in your + // front controller) to only trust proxy headers coming from these IP addresses Request::setTrustedProxies(array('192.0.0.1', '10.0.0.0/8')); You should also make sure that your proxy filters unauthorized use of these From 34b0f3c3f0aac10541475cdebf1ddfecec0e3782 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Sun, 22 Jan 2017 22:43:33 +0100 Subject: [PATCH 2/2] Moved the "versionadded" directive --- components/http_foundation/trusting_proxies.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/components/http_foundation/trusting_proxies.rst b/components/http_foundation/trusting_proxies.rst index d81dac2559d..9fc5ead0f36 100644 --- a/components/http_foundation/trusting_proxies.rst +++ b/components/http_foundation/trusting_proxies.rst 
@@ -19,10 +19,6 @@ Since HTTP headers can be spoofed, Symfony does *not* trust these proxy headers by default. If you are behind a proxy, you should manually whitelist your proxy as follows: -.. versionadded:: 2.3 - CIDR notation support was introduced in Symfony 2.3, so you can whitelist whole - subnets (e.g. ``10.0.0.0/8``, ``fc00::/7``). - .. code-block:: php use Symfony\Component\HttpFoundation\Request; @@ -31,6 +27,10 @@ your proxy as follows: // front controller) to only trust proxy headers coming from these IP addresses Request::setTrustedProxies(array('192.0.0.1', '10.0.0.0/8')); +.. versionadded:: 2.3 + CIDR notation support was introduced in Symfony 2.3, so you can whitelist whole + subnets (e.g. ``10.0.0.0/8``, ``fc00::/7``). + You should also make sure that your proxy filters unauthorized use of these headers, e.g. if a proxy natively uses the ``X-Forwarded-For`` header, it should not allow clients to send ``Forwarded`` headers to Symfony. pFad - Phonifier reborn
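Review bot: in PATCH 1/2, first hunk (@@ -17,7 +17,7 @@), the new wording "your proxy as follows:" is immediately followed by the ".. versionadded:: 2.3" directive, not by the code block, so the colon introduces the CIDR note instead of the example. PATCH 2/2 corrects this by moving the directive; squash the two commits so that no intermediate revision renders with the lead-in pointing at the wrong block.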
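Review bot: in PATCH 1/2, second hunk (@@ -27,7 +27,8 @@), the new comment says to put the call "as early as possible in your application" but gives no reason, and it folds the placement advice and the purpose of the call into one sentence wrapped over two comment lines. Suggest keeping a one-line comment for what Request::setTrustedProxies does ("only trust proxy headers coming from these IP addresses") and moving the front-controller placement, with the reason for it, into the prose above the code block, where it will not be lost when readers copy the snippet.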
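Review bot: in PATCH 2/2 (@@ -19,10 +19,6 @@), the moved ".. versionadded:: 2.3" block now sits between the code sample and the paragraph "You should also make sure that your proxy filters unauthorized use of these headers", which separates the header-filtering caveat from the setTrustedProxies call it qualifies. Consider placing the directive after that paragraph so the example and its caveat stay adjacent. The directive also cites "fc00::/7" while the example array contains only IPv4 entries, so adding one IPv6 entry to the sample would make the note and the code agree.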
