Home Explore Help
Register Sign In
oleg
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Improve the support for a trust proxy

Pierre Jaury 7 years ago
parent
1af0b8abbb
commit
eddeb5e788
2 changed files with 27 additions and 56 deletions
Split View Show Diff Stats
  1. 27 0
      config/trustedproxy.php
  2. 0 56
      config/trustproxies.php

+ 27 - 0
config/trustedproxy.php
View File 

@@ -0,0 +1,27 @@
 
+<?php
 
+
 
+return [
 
+    /*
 
+     * Set trusted proxy IP addresses.
 
+     *
 
+     * Both IPv4 and IPv6 addresses are
 
+     * supported, along with CIDR notation.
 
+     *
 
+     * The "*" character is syntactic sugar
 
+     * within TrustedProxy to trust any proxy
 
+     * that connects directly to your server,
 
+     * a requirement when you cannot know the address
 
+     * of your proxy (e.g. if using Rackspace balancers).
 
+     *
 
+     * The "**" character is syntactic sugar within
 
+     * TrustedProxy to trust not just any proxy that
 
+     * connects directly to your server, but also
 
+     * proxies that connect to those proxies, and all
 
+     * the way back until you reach the original source
 
+     * IP. It will mean that $request->getClientIp()
 
+     * always gets the originating client IP, no matter
 
+     * how many proxies that client's request has
 
+     * subsequently passed through.
 
+     */
 
+    'proxies' => explode(env('TRUST_PROXIES', ''), ','),
 
+];

+ 0 - 56
config/trustproxies.php
View File 

@@ -1,56 +0,0 @@
 
-<?php
 
-
 
-return [
 
-    /*
 
-     * Set trusted proxy IP addresses.
 
-     *
 
-     * Both IPv4 and IPv6 addresses are
 
-     * supported, along with CIDR notation.
 
-     *
 
-     * The "*" character is syntactic sugar
 
-     * within TrustedProxy to trust any proxy
 
-     * that connects directly to your server,
 
-     * a requirement when you cannot know the address
 
-     * of your proxy (e.g. if using Rackspace balancers).
 
-     *
 
-     * The "**" character is syntactic sugar within
 
-     * TrustedProxy to trust not just any proxy that
 
-     * connects directly to your server, but also
 
-     * proxies that connect to those proxies, and all
 
-     * the way back until you reach the original source
 
-     * IP. It will mean that $request->getClientIp()
 
-     * always gets the originating client IP, no matter
 
-     * how many proxies that client's request has
 
-     * subsequently passed through.
 
-     */
 
-    'proxies' => explode(env('TRUST_PROXIES', ''), ','),
 
-
 
-    /*
 
-     * Default Header Names
 
-     *
 
-     * Change these if the proxy does
 
-     * not send the default header names.
 
-     *
 
-     * Note that headers such as X-Forwarded-For
 
-     * are transformed to HTTP_X_FORWARDED_FOR format.
 
-     *
 
-     * The following are Symfony defaults, found in
 
-     * \Symfony\Component\HttpFoundation\Request::$trustedHeaders
 
-     *
 
-     * You may optionally set headers to 'null' here if you'd like
 
-     * for them to be considered untrusted instead. Ex:
 
-     *
 
-     * Illuminate\Http\Request::HEADER_CLIENT_HOST  => null,
 
-     * 
-     * WARNING: If you're using AWS Elastic Load Balancing or Heroku,
 
-     * the FORWARDED and X_FORWARDED_HOST headers should be set to null 
-     * as they are currently unsupported there.
 
-     */
 
-    'headers' => [
 
-        (defined('Illuminate\Http\Request::HEADER_FORWARDED') ? Illuminate\Http\Request::HEADER_FORWARDED : 'forwarded') => 'FORWARDED',
 
-        Illuminate\Http\Request::HEADER_CLIENT_IP    => 'X_FORWARDED_FOR',
 
-        Illuminate\Http\Request::HEADER_CLIENT_HOST  => 'X_FORWARDED_HOST',
 
-        Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
 
-        Illuminate\Http\Request::HEADER_CLIENT_PORT  => 'X_FORWARDED_PORT',
 
-    ]
 
-];