diff --git a/deployment/proxies.rst b/deployment/proxies.rst index e846f95a808..2ebb1bb6a8f 100644 --- a/deployment/proxies.rst +++ b/deployment/proxies.rst @@ -33,6 +33,8 @@ and what headers your reverse proxy uses to send information: # ... # the IP address (or range) of your proxy trusted_proxies: '192.0.0.1,10.0.0.0/8' + # shortcut for private IP address ranges of your proxy + trusted_proxies: 'private_ranges' # trust *all* "X-Forwarded-*" headers trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix'] # or, if your proxy instead uses the "Forwarded" header @@ -53,6 +55,8 @@ and what headers your reverse proxy uses to send information: 192.0.0.1,10.0.0.0/8 + + private_ranges x-forwarded-for @@ -75,6 +79,8 @@ and what headers your reverse proxy uses to send information: $framework // the IP address (or range) of your proxy ->trustedProxies('192.0.0.1,10.0.0.0/8') + // shortcut for private IP address ranges of your proxy + ->trustedProxies('private_ranges') // trust *all* "X-Forwarded-*" headers (the ! prefix means to not trust those headers) ->trustedHeaders(['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix']) // or, if your proxy instead uses the "Forwarded" header @@ -82,6 +88,11 @@ and what headers your reverse proxy uses to send information: ; }; +.. versionadded:: 7.1 + + ``private_ranges`` as a shortcut for private IP address ranges for the + `trusted_proxies` option was introduced in Symfony 7.1. + .. caution:: Enabling the ``Request::HEADER_X_FORWARDED_HOST`` option exposes the