New Private Subnets Shortcut for Trusted Proxies
Contributed by
Nicolas Grekas
in
#58154
If your Symfony application works behind a load balancer or reverse proxy
(AWS Elastic Load Balancing, Varnish, etc.), you need to tell Symfony which
reverse proxy IP addresses to trust. If the IP of the reverse proxy changes constantly,
you must configure a range of IPs to trust.
In Symfony 7.2, we're adding PRIVATE_SUBNETS as a shortcut for the value of
the constant IpUtils::PRIVATE_SUBNETS, so your configuration is easier to
read and maintain:
# config/packages/framework.yaml
framework:
trusted_proxies: '127.0.0.1,PRIVATE_SUBNETS'
Configure Trusted Proxies with Environment Variables
Contributed by
Nicolas Grekas
in
#58161
The trusted proxies configuration is currently done in configuration files (YAML,
XML, or PHP format) like this:
# config/packages/framework.yaml
framework:
# ...
trusted_proxies: '192.0.0.1,10.0.0.0/8'
trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix']
trusted_hosts: ['...']
trust_x_sendfile_type_header: true
In Symfony 7.2 we're simplifying this thanks to new environment variables.
Instead of configuring the previous file, you can now set the trusted proxies
configuration in these env vars:
SYMFONY_TRUST_X_SENDFILE_TYPE_HEADERSYMFONY_TRUSTED_HEADERSSYMFONY_TRUSTED_HOSTSSYMFONY_TRUSTED_PROXIES
Sponsor the Symfony project.