Skip to content

Commit 03efea8

Browse files
javiereguiluzjaviereguiluz
committed
Merge branch '5.2' into 5.x
* 5.2: fix the trusted proxies configuration
2 parents a108e59 + e082c3a commit 03efea8

File tree

1 file changed

+14
-15
lines changed

1 file changed

+14
-15
lines changed

deployment/proxies.rst

Lines changed: 14 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -33,13 +33,13 @@ and what headers your reverse proxy uses to send information:
3333
# ...
3434
// the IP address (or range) of your proxy
3535
trusted_proxies: '192.0.0.1,10.0.0.0/8'
36-
// trust *all* "X-Forwarded-*" headers (the ! prefix means to not trust those headers)
37-
trusted_headers: ['x-forwarded-all', '!x-forwarded-host', '!x-forwarded-prefix']
36+
// trust *all* "X-Forwarded-*" headers
37+
trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']
3838
// or, if your proxy instead uses the "Forwarded" header
39-
trusted_headers: ['forwarded', '!x-forwarded-host', '!x-forwarded-prefix']
39+
trusted_headers: ['forwarded']
4040
// or, if you're using a wellknown proxy
41-
trusted_headers: [!php/const Symfony\\Component\\HttpFoundation\\Request::HEADER_X_FORWARDED_AWS_ELB, '!x-forwarded-host', '!x-forwarded-prefix']
42-
trusted_headers: [!php/const Symfony\\Component\\HttpFoundation\\Request::HEADER_X_FORWARDED_TRAEFIK, '!x-forwarded-host', '!x-forwarded-prefix']
41+
trusted_headers: [!php/const Symfony\\Component\\HttpFoundation\\Request::HEADER_X_FORWARDED_AWS_ELB]
42+
trusted_headers: [!php/const Symfony\\Component\\HttpFoundation\\Request::HEADER_X_FORWARDED_TRAEFIK]
4343
4444
.. code-block:: xml
4545
@@ -57,15 +57,14 @@ and what headers your reverse proxy uses to send information:
5757
<!-- the IP address (or range) of your proxy -->
5858
<framework:trusted-proxies>192.0.0.1,10.0.0.0/8</framework:trusted-proxies>
5959
60-
<!-- trust *all* "X-Forwarded-*" headers (the ! prefix means to not trust those headers) -->
61-
<framework:trusted-header>x-forwarded-all</framework:trusted-header>
62-
<framework:trusted-header>!x-forwarded-host</framework:trusted-header>
63-
<framework:trusted-header>!x-forwarded-prefix</framework:trusted-header>
60+
<!-- trust *all* "X-Forwarded-*" headers -->
61+
<framework:trusted-header>x-forwarded-for</framework:trusted-header>
62+
<framework:trusted-header>x-forwarded-host</framework:trusted-header>
63+
<framework:trusted-header>x-forwarded-proto</framework:trusted-header>
64+
<framework:trusted-header>x-forwarded-port</framework:trusted-header>
6465
6566
<!-- or, if your proxy instead uses the "Forwarded" header -->
6667
<framework:trusted-header>forwarded</framework:trusted-header>
67-
<framework:trusted-header>!x-forwarded-host</framework:trusted-header>
68-
<framework:trusted-header>!x-forwarded-prefix</framework:trusted-header>
6968
</framework:config>
7069
</container>
7170
@@ -78,12 +77,12 @@ and what headers your reverse proxy uses to send information:
7877
// the IP address (or range) of your proxy
7978
'trusted_proxies' => '192.0.0.1,10.0.0.0/8',
8079
// trust *all* "X-Forwarded-*" headers (the ! prefix means to not trust those headers)
81-
'trusted_headers' => ['x-forwarded-all', '!x-forwarded-host', '!x-forwarded-prefix'],
80+
'trusted_headers' => ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port'],
8281
// or, if your proxy instead uses the "Forwarded" header
83-
'trusted_headers' => ['forwarded', '!x-forwarded-host', '!x-forwarded-prefix'],
82+
'trusted_headers' => ['forwarded'],
8483
// or, if you're using a wellknown proxy
85-
'trusted_headers' => [Request::HEADER_X_FORWARDED_AWS_ELB, '!x-forwarded-host', '!x-forwarded-prefix'],
86-
'trusted_headers' => [Request::HEADER_X_FORWARDED_TRAEFIK, '!x-forwarded-host', '!x-forwarded-prefix'],
84+
'trusted_headers' => [Request::HEADER_X_FORWARDED_AWS_ELB],
85+
'trusted_headers' => [Request::HEADER_X_FORWARDED_TRAEFIK],
8786
]);
8887
8988
.. deprecated:: 5.2

0 commit comments

Comments
 (0)