You should only list the reverse proxies that you manage directly.
public static setTrustedProxies ( array $proxies ) | ||
$proxies | array | A list of trusted proxies |
public function boot() { if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) { Request::setTrustedProxies($trustedProxies); } elseif ($this->container->getParameter('kernel.trust_proxy_headers')) { Request::trustProxyData(); // @deprecated, to be removed in 2.3 } }
public function setProxyConf() { if (!$this->configuration->isSetup()) { return; } $proxies = isset($this->configuration['trusted-proxies']) ? $this->configuration['trusted-proxies'] : []; Request::setTrustedProxies($proxies); }
public function boot() { if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) { Request::setTrustedProxies($trustedProxies); } if ($this->container->getParameter('kernel.http_method_override')) { Request::enableHttpMethodParameterOverride(); } }
/** */ public static function init() { if (!static::$request) { Request::setTrustedProxies(Constants::$trusted_proxies); // Create request object from global page request otherwise. static::$request = Request::createFromGlobals(); } // Otherwise, the request will be pre-injected. }
public function boot() { ErrorHandler::register(null, false)->throwAt($this->container->getParameter('debug.error_handler.throw_at'), true); if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) { Request::setTrustedProxies($trustedProxies); } if ($this->container->getParameter('kernel.http_method_override')) { Request::enableHttpMethodParameterOverride(); } if ($trustedHosts = $this->container->getParameter('kernel.trusted_hosts')) { Request::setTrustedHosts($trustedHosts); } }
/** * @expectedException Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException */ public function testListenerThrowsWhenMasterRequestHasInconsistentClientIps() { $dispatcher = new EventDispatcher(); $kernel = $this->getMock('Symfony\\Component\\HttpKernel\\HttpKernelInterface'); $request = new Request(); $request->setTrustedProxies(array('1.1.1.1')); $request->server->set('REMOTE_ADDR', '1.1.1.1'); $request->headers->set('FORWARDED', '2.2.2.2'); $request->headers->set('X_FORWARDED_FOR', '3.3.3.3'); $dispatcher->addListener(KernelEvents::REQUEST, array(new ValidateRequestListener(), 'onKernelRequest')); $event = new GetResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST); $dispatcher->dispatch(KernelEvents::REQUEST, $event); }
public function testUseRequestClientIp() { Request::setTrustedProxies(array('192.168.0.1')); list($event, $server) = $this->createRequestEvent(array('X_FORWARDED_FOR' => '192.168.0.2')); $processor = new WebProcessor(); $processor->onKernelRequest($event); $record = $processor($this->getRecord()); $this->assertCount(5, $record['extra']); $this->assertEquals($server['REQUEST_URI'], $record['extra']['url']); $this->assertEquals($server['X_FORWARDED_FOR'], $record['extra']['ip']); $this->assertEquals($server['REQUEST_METHOD'], $record['extra']['http_method']); $this->assertEquals($server['SERVER_NAME'], $record['extra']['server']); $this->assertEquals($server['HTTP_REFERER'], $record['extra']['referrer']); }
/** * The signup action processes a signup request and creates new accounts * * @return ViewSpec */ public function signup() { Request::setTrustedProxies(Constants::$trusted_proxies); $request = Request::createFromGlobals(); $signupRequest = $this->buildSignupRequest($request); try { $this->validateSignupRequest($signupRequest); // guard method $viewSpec = $this->doWork($signupRequest); } catch (\RuntimeException $e) { $viewSpec = $this->renderException($e, $signupRequest); } return $viewSpec; }
protected function initServiceProviders() { $app = $this; if ($this['config']['trusted_proxies']) { \Symfony\Component\HttpFoundation\Request::setTrustedProxies($this['config']['trusted_proxies']); } $app['app_base_path'] = $this->basePath; $app->register(new \Silex\Provider\TwigServiceProvider(), array('twig.options' => array('cache' => $this->basePath . '/cache/twig', 'auto_reload' => $this['debug'], 'strict_variables' => true), 'twig.path' => array($this->basePath . '/src/views'))); $app->register(new \Silex\Provider\SwiftmailerServiceProvider()); $app->register(new \Devture\SilexProvider\DoctrineMongoDB\ServicesProvider('mongodb', array())); $app['mongodb.database'] = $app->share(function ($app) { return $app['mongodb.connection']->selectDatabase($app['config']['mongo']['db_name']); }); $app->register(new \Devture\Bundle\FrameworkBundle\ServicesProvider($this['config']['FrameworkBundle'])); $app->register(new \Devture\Bundle\LocalizationBundle\ServicesProvider($app['config']['LocalizationBundle'])); $app->register(new \Devture\Bundle\UserBundle\ServicesProvider($app['config']['UserBundle'])); $app->register(new \Devture\Bundle\NagiosBundle\ServicesProvider($app['config']['NagiosBundle'])); }
/** * Perform all the login functionality for the login page as requested. */ public static function perform_login_if_requested($username_requested, $pass) { Request::setTrustedProxies(Constants::$trusted_proxies); $request = Request::createFromGlobals(); $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null; $login_attempt_info = ['username' => $username_requested, 'user_agent' => $user_agent, 'ip' => $request->getClientIp(), 'successful' => 0, 'additional_info' => $_SERVER]; $logged_in = login_user($username_requested, $pass); $is_logged_in = $logged_in['success']; if (!$is_logged_in) { // Login was attempted, but failed, so display an error. self::store_auth_attempt($login_attempt_info); $login_error_message = $logged_in['login_error']; return $login_error_message; } else { // log a successful login attempt $login_attempt_info['successful'] = 1; self::store_auth_attempt($login_attempt_info); return ''; } }
/** * @param string $configFile path to main configuration file */ public function loadConfig($configFile) { $yaml = new Parser(); try { $config = $yaml->parse(file_get_contents($configFile)); } catch (ParseException $e) { $this->logger->critical('Unable to parse the YAML string: ' . $e->getMessage() . ' in ' . $e->getParsedFile()); return; } if (!is_array($config)) { $this->logger->critical('Parsed config file is not an array'); return; } $config = $this->configurator->resolveMainConfig($config); //trusted proxies if (array_key_exists('trustedProxies', $config)) { $arrayOfProxies = is_string($config['trustedProxies']) ? array($config['trustedProxies']) : $config['trustedProxies']; Request::setTrustedProxies($arrayOfProxies); } //global hook options if (array_key_exists('options', $config)) { $this->options = $this->configurator->resolveOptions($config['options']); } // global hook commands if (array_key_exists('commands', $config)) { $this->addCommand($config['commands']); } // global path if (array_key_exists('path', $config)) { $this->path = $config['path']; } // configure global repositories if (array_key_exists('repositories', $config)) { $this->handleRepositoryConfig($config); } // configure repositoriesDir if (array_key_exists('repositoriesDir', $config)) { $this->loadRepos($config['repositoriesDir']); } }
/** * Update the information of a viewing observer, or player. */ function update_activity_info() { // ******************** Usage Information of the browser ********************* Request::setTrustedProxies(Constants::$trusted_proxies); $request = Request::createFromGlobals(); $remoteAddress = '' . $request->getClientIp(); $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? substr($_SERVER['HTTP_USER_AGENT'], 0, 250) : NULL; // Truncated at 250 char. $referer = isset($_SERVER['HTTP_REFERER']) ? substr($_SERVER['HTTP_REFERER'], 0, 250) : ''; // Truncated at 250 char. // ************** Setting anonymous and player usage information DatabaseConnection::getInstance(); $session = SessionFactory::getSession(); if (!$session->has('online')) { // *** Completely new session, update latest activity log. *** if ($remoteAddress) { // *** Delete prior to trying to re-insert into the people online. *** $statement = DatabaseConnection::$pdo->prepare('DELETE FROM ppl_online WHERE ip_address = :ip OR session_id = :sessionID'); $statement->bindValue(':ip', $remoteAddress); $statement->bindValue(':sessionID', $session->getId()); $statement->execute(); } // *** Update viewer data. *** $statement = DatabaseConnection::$pdo->prepare('INSERT INTO ppl_online (session_id, activity, ip_address, refurl, user_agent) VALUES (:sessionID, now(), :ip, :referer, :userAgent)'); $statement->bindValue(':sessionID', $session->getId()); $statement->bindValue(':ip', $remoteAddress); $statement->bindValue(':referer', $referer); $statement->bindValue(':userAgent', $userAgent); $statement->execute(); $session->set('online', true); } else { // *** An already existing session. *** $statement = DatabaseConnection::$pdo->prepare('UPDATE ppl_online SET activity = now(), member = :member WHERE session_id = :sessionID'); $statement->bindValue(':sessionID', $session->getId()); $statement->bindValue(':member', is_logged_in(), PDO::PARAM_BOOL); $statement->execute(); } }
public function initMountpoints() { if ($proxies = $this['config']->get('general/trustProxies')) { Request::setTrustedProxies($proxies); } // Mount the 'backend' on the branding:path setting. Defaults to '/bolt'. $backendPrefix = $this['config']->get('general/branding/path'); $this->mount($backendPrefix, new Controllers\Login()); $this->mount($backendPrefix, new Controllers\Backend()); // Mount the 'async' controllers on /async. Not configurable. $this->mount('/async', new Controllers\Async()); // Mount the 'thumbnail' provider on /thumbs. $this->mount('/thumbs', new Thumbs\ThumbnailProvider()); // Mount the 'upload' controller on /upload. $this->mount('/upload', new Controllers\Upload()); // Mount the 'extend' controller on /branding/extend. $this->mount($backendPrefix . '/extend', $this['extend']); if ($this['config']->get('general/enforce_ssl')) { foreach ($this['routes'] as $route) { /** @var \Silex\Route $route */ $route->requireHttps(); } } // Mount the 'frontend' controllers, as defined in our Routing.yml $this->mount('', new Controllers\Routing()); }
use Symfony\Component\HttpFoundation\Request; /** * @var Composer\Autoload\ClassLoader */ $loader = (require __DIR__ . '/../app/autoload.php'); include_once __DIR__ . '/../app/bootstrap.php.cache'; if (extension_loaded('apc') && ini_get('apc.enabled')) { $apcLoader = new Symfony\Component\ClassLoader\ApcClassLoader(sha1(__FILE__), $loader); $loader->unregister(); $apcLoader->register(true); } if (getenv('APP_ENV') === 'dev') { umask(00); Debug::enable(); $kernel = new AppKernel('dev', true); } else { $kernel = new AppKernel('prod', false); } $kernel->loadClassCache(); if (getenv('APP_ENV') !== 'dev') { if (!isset($_SERVER['HTTP_SURROGATE_CAPABILITY']) || false === strpos($_SERVER['HTTP_SURROGATE_CAPABILITY'], 'ESI/1.0')) { require_once __DIR__ . '/../app/AppCache.php'; $kernel = new AppCache($kernel); } } Request::enableHttpMethodParameterOverride(); Request::setTrustedProxies(array('127.0.0.1')); $request = Request::createFromGlobals(); $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response);
$loader = new ApcClassLoader($prefix ?: "ezpublish", $loader); $loader->register(true); } require_once __DIR__ . '/../ezpublish/EzPublishKernel.php'; if ($useDebugging) { Debug::enable(); } $kernel = new EzPublishKernel($environment, $useDebugging); // we don't want to use the classes cache if we are in a debug session if (!$useDebugging) { $kernel->loadClassCache(); } // Depending on the USE_HTTP_CACHE environment variable, tells whether the internal HTTP Cache mechanism is to be used. // If not set it is activated if not in "dev" environment. if (($useHttpCache = getenv("USE_HTTP_CACHE")) === false) { $useHttpCache = $environment !== "dev"; } // Load HTTP Cache ... if ($useHttpCache) { require_once __DIR__ . '/../ezpublish/EzPublishCache.php'; $kernel = new EzPublishCache($kernel); } $request = Request::createFromGlobals(); // If you are behind one or more trusted reverse proxies, you might want to set them in TRUSTED_PROXIES environment // variable in order to get correct client IP if (($trustedProxies = getenv("TRUSTED_PROXIES")) !== false) { Request::setTrustedProxies(explode(",", $trustedProxies)); } $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response);
<?php use Keboola\Syrup\Debug\Debug; use Symfony\Component\HttpFoundation\Request; umask(02); define('ROOT_PATH', __DIR__ . '/../'); $loader = (require_once __DIR__ . '/../app/bootstrap.php.cache'); // Use APC for autoloading to improve performance. // Change 'sf2' to a unique prefix in order to prevent cache key conflicts // with other applications also using APC. /* $loader = new ApcClassLoader('sf2', $loader); $loader->register(true); */ Debug::enable('prod'); require_once __DIR__ . '/../app/AppKernel.php'; //require_once __DIR__.'/../app/AppCache.php'; $kernel = new AppKernel('prod', false); $kernel->loadClassCache(); $request = Request::createFromGlobals(); // Because of ELB we need to trust to all incoming requests Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR'))); $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response);
/** * @expectedException Symfony\Component\HttpKernel\Exception\BadRequestHttpException */ public function testInconsistentClientIpsOnMasterRequests() { $dispatcher = new EventDispatcher(); $dispatcher->addListener(KernelEvents::REQUEST, function ($event) { $event->getRequest()->getClientIp(); }); $kernel = new HttpKernel($dispatcher, $this->getResolver()); $request = new Request(); $request->setTrustedProxies(array('1.1.1.1')); $request->server->set('REMOTE_ADDR', '1.1.1.1'); $request->headers->set('FORWARDED', '2.2.2.2'); $request->headers->set('X_FORWARDED_FOR', '3.3.3.3'); $kernel->handle($request, $kernel::MASTER_REQUEST, false); }
use Symfony\Component\HttpFoundation\Request; use LoginCidadao\CoreBundle\Security\Compatibility\RamseyUuidFeatureSet; // If you don't want to setup permissions the proper way, just uncomment the following PHP line // read http://symfony.com/doc/current/book/installation.html#configuration-and-setup for more information //umask(0000); $loader = (require_once __DIR__ . '/../app/bootstrap.php.cache'); Debug::enable(); require_once __DIR__ . '/../app/AppKernel.php'; $kernel = new AppKernel('dev', true); $uuidFactory = new \Ramsey\Uuid\UuidFactory(new RamseyUuidFeatureSet()); \Ramsey\Uuid\Uuid::setFactory($uuidFactory); $generator = new \Qandidate\Stack\UuidRequestIdGenerator(); $stack = new \Qandidate\Stack\RequestId($kernel, $generator); $kernel->loadClassCache(); try { $path = implode(DIRECTORY_SEPARATOR, array($kernel->getRootDir(), 'config', 'parameters.yml')); $params = Yaml::parse(file_get_contents($path)); Request::setTrustedProxies($params['parameters']['trusted_proxies']); } catch (Exception $ex) { http_response_code(500); exit('Invalid configuration'); } $request = Request::createFromGlobals(); $allowed = $params['parameters']['dev_allowed']; if (!IpUtils::checkIp($request->getClientIp(), $allowed)) { header('HTTP/1.0 403 Forbidden'); exit('You are not allowed to access this file.'); } $response = $stack->handle($request); $response->send(); $kernel->terminate($request, $response);
<?php if (!defined('APPLICATION_PATH')) { define('APPLICATION_PATH', realpath(dirname(__FILE__) . '/..')); } require_once __DIR__ . '/../vendor/autoload.php'; $service = new AnyContent\Repository\Service(); $service['debug'] = true; $client = new \AnyContent\Client\Client(); $configuration = new \AnyContent\Connection\Configuration\RestLikeConfiguration(); $configuration->setUri('http://acrs.hahnair.dev/1/test'); $connection = $configuration->createReadWriteConnection(); $configuration->addContentTypes(); $repository = new \AnyContent\Client\Repository('test', $connection); $client->addRepository($repository); $service->setClient($client); $service->register(new Silex\Provider\HttpCacheServiceProvider(), array('http_cache.cache_dir' => APPLICATION_PATH . '/http_cache/')); \Symfony\Component\HttpFoundation\Request::setTrustedProxies(array('127.0.0.1')); $service['http_cache']->run(); //$service->run();
} $kernel = new AppKernel($environment, $useDebugging); // we don't want to use the classes cache if we are in a debug session if (!$useDebugging) { $kernel->loadClassCache(); } // Depending on the SYMFONY_HTTP_CACHE environment variable, tells whether the internal HTTP Cache mechanism is to be used. // If not set it is activated if not in "dev" environment. if (($useHttpCache = getenv('SYMFONY_HTTP_CACHE')) === false) { $useHttpCache = $environment !== 'dev'; } // Load HTTP Cache ... if ($useHttpCache) { // The standard HttpCache implementation can be overridden by setting the SYMFONY_HTTP_CACHE_CLASS environment variable. // Make sure to setup composer config so it is *autoloadable*, or fallback to use "SYMFONY_CLASSLOADER_FILE" if (($httpCacheClass = getenv('SYMFONY_HTTP_CACHE_CLASS')) !== false) { $kernel = new $httpCacheClass($kernel); } else { require_once __DIR__ . '/../app/AppCache.php'; $kernel = new AppCache($kernel); } } $request = Request::createFromGlobals(); // If you are behind one or more trusted reverse proxies, you might want to set them in SYMFONY_TRUSTED_PROXIES environment // variable in order to get correct client IP if (($trustedProxies = getenv('SYMFONY_TRUSTED_PROXIES')) !== false) { Request::setTrustedProxies(explode(',', $trustedProxies)); } $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response);
/** * Update activity for a logged in player. * * @return void */ function update_activity_log($p_playerID) { // (See update_activity_info in lib_header for the function that updates all the detailed info.) DatabaseConnection::getInstance(); Request::setTrustedProxies(Constants::$trusted_proxies); $request = Request::createFromGlobals(); $user_ip = $request->getClientIp(); query("UPDATE players SET days = 0 WHERE player_id = :player", [':player' => $p_playerID]); query("Update accounts set last_ip = :ip, last_login = now() where account_id = (select _account_id from account_players join players on _player_id = player_id where player_id = :pid)", array(':ip' => $user_ip, ':pid' => $p_playerID)); }
public function testHandleAuthenticateWithTrustedProxy() { Request::setTrustedProxies(array('10.11.12.13')); $hash = '123abc'; $request = new Request(); $request->headers->add(array('X-HTTP-Override' => 'AUTHENTICATE', 'Accept' => Kernel::USER_HASH_ACCEPT_HEADER)); $request->server->set('REMOTE_ADDR', '10.11.12.13'); /** @var \PHPUnit_Framework_MockObject_MockObject|Kernel $kernel */ $kernel = $this->getMockBuilder('eZ\\Bundle\\EzPublishCoreBundle\\Kernel')->disableOriginalConstructor()->setMethods(array('generateUserHash'))->getMockForAbstractClass(); $kernel->expects($this->once())->method('generateUserHash')->with($request)->will($this->returnValue($hash)); $response = $kernel->handle($request); $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\Response', $response); $this->assertSame(200, $response->getStatusCode()); $this->assertSame($hash, $response->headers->get('X-User-Hash')); }
public function preExecute(Request $request) { parent::preExecute($request); Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR'))); }
<?php /* * This file is part of the Jirro package. * * (c) Rendy Eko Prastiyo <*****@*****.**> * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ use Symfony\Component\HttpFoundation\Request; use Jirro\Component\Kernel\ApplicationFactory; require_once __DIR__ . '/../bootstrap.php'; $application = $applicationFactory->createApplication(ApplicationFactory::TYPE_HTTP, $config); $request = Request::createFromGlobals(); Request::setTrustedProxies(['127.0.0.1']); Stack\run($application, $request);
/** * Forwards the Request to the backend and returns the Response. * * @param Request $request A Request instance * @param bool $catch Whether to catch exceptions or not * @param Response $entry A Response instance (the stale entry if present, null otherwise) * * @return Response A Response instance */ protected function forward(Request $request, $catch = false, Response $entry = null) { if ($this->surrogate) { $this->surrogate->addSurrogateCapability($request); } // modify the X-Forwarded-For header if needed $forwardedFor = $request->headers->get('X-Forwarded-For'); if ($forwardedFor) { $request->headers->set('X-Forwarded-For', $forwardedFor . ', ' . $request->server->get('REMOTE_ADDR')); } else { $request->headers->set('X-Forwarded-For', $request->server->get('REMOTE_ADDR')); } // fix the client IP address by setting it to 127.0.0.1 as HttpCache // is always called from the same process as the backend. $request->server->set('REMOTE_ADDR', '127.0.0.1'); // make sure HttpCache is a trusted proxy if (!in_array('127.0.0.1', $trustedProxies = Request::getTrustedProxies())) { $trustedProxies[] = '127.0.0.1'; Request::setTrustedProxies($trustedProxies); } // always a "master" request (as the real master request can be in cache) $response = $this->kernel->handle($request, HttpKernelInterface::MASTER_REQUEST, $catch); // FIXME: we probably need to also catch exceptions if raw === true // we don't implement the stale-if-error on Requests, which is nonetheless part of the RFC if (null !== $entry && in_array($response->getStatusCode(), array(500, 502, 503, 504))) { if (null === ($age = $entry->headers->getCacheControlDirective('stale-if-error'))) { $age = $this->options['stale_if_error']; } if (abs($entry->getTtl()) < $age) { $this->record($request, 'stale-if-error'); return $entry; } } $this->processResponseBody($request, $response); if ($this->isPrivateRequest($request) && !$response->headers->hasCacheControlDirective('public')) { $response->setPrivate(true); } elseif ($this->options['default_ttl'] > 0 && null === $response->getTtl() && !$response->headers->getCacheControlDirective('must-revalidate')) { $response->setTtl($this->options['default_ttl']); } return $response; }
public function __construct($environment, $debug) { Request::setTrustedProxies(['0.0.0.0/0']); parent::__construct($environment, $debug); }
public function testTrustedProxies() { $request = Request::create('http://example.com/'); $request->server->set('REMOTE_ADDR', '3.3.3.3'); $request->headers->set('X_FORWARDED_FOR', '1.1.1.1, 2.2.2.2'); $request->headers->set('X_FORWARDED_HOST', 'foo.example.com, real.example.com:8080'); $request->headers->set('X_FORWARDED_PROTO', 'https'); $request->headers->set('X_FORWARDED_PORT', 443); $request->headers->set('X_MY_FOR', '3.3.3.3, 4.4.4.4'); $request->headers->set('X_MY_HOST', 'my.example.com'); $request->headers->set('X_MY_PROTO', 'http'); $request->headers->set('X_MY_PORT', 81); // no trusted proxies $this->assertEquals('3.3.3.3', $request->getClientIp()); $this->assertEquals('example.com', $request->getHost()); $this->assertEquals(80, $request->getPort()); $this->assertFalse($request->isSecure()); // disabling proxy trusting Request::setTrustedProxies(array()); $this->assertEquals('3.3.3.3', $request->getClientIp()); $this->assertEquals('example.com', $request->getHost()); $this->assertEquals(80, $request->getPort()); $this->assertFalse($request->isSecure()); // trusted proxy via setTrustedProxies() Request::setTrustedProxies(array('3.3.3.3', '2.2.2.2')); $this->assertEquals('1.1.1.1', $request->getClientIp()); $this->assertEquals('real.example.com', $request->getHost()); $this->assertEquals(443, $request->getPort()); $this->assertTrue($request->isSecure()); // trusted proxy via setTrustedProxies() Request::setTrustedProxies(array('3.3.3.4', '2.2.2.2')); $this->assertEquals('3.3.3.3', $request->getClientIp()); $this->assertEquals('example.com', $request->getHost()); $this->assertEquals(80, $request->getPort()); $this->assertFalse($request->isSecure()); // check various X_FORWARDED_PROTO header values Request::setTrustedProxies(array('3.3.3.3', '2.2.2.2')); $request->headers->set('X_FORWARDED_PROTO', 'ssl'); $this->assertTrue($request->isSecure()); $request->headers->set('X_FORWARDED_PROTO', 'https, http'); $this->assertTrue($request->isSecure()); // custom header names Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_MY_FOR'); Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_MY_HOST'); Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_MY_PORT'); Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_MY_PROTO'); $this->assertEquals('4.4.4.4', $request->getClientIp()); $this->assertEquals('my.example.com', $request->getHost()); $this->assertEquals(81, $request->getPort()); $this->assertFalse($request->isSecure()); // disabling via empty header names Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, null); Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, null); Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, null); Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, null); $this->assertEquals('3.3.3.3', $request->getClientIp()); $this->assertEquals('example.com', $request->getHost()); $this->assertEquals(80, $request->getPort()); $this->assertFalse($request->isSecure()); // reset Request::setTrustedProxies(array()); Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_FORWARDED_FOR'); Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_FORWARDED_HOST'); Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_FORWARDED_PORT'); Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_FORWARDED_PROTO'); }
<?php require __DIR__ . '/../vendor/autoload.php'; use Symfony\Component\HttpFoundation\Request; $configPath = __DIR__ . '/../config/config.php'; if (file_exists($configPath) && is_readable($configPath)) { $config = (require $configPath); Request::setTrustedProxies($config['trustedProxies']); } function getClientIp() { $request = Request::createFromGlobals(); return $request->getClientIp(); }
/** * @dataProvider getTrustedProxyData */ public function testHttpCacheIsSetAsATrustedProxy(array $existing, array $expected) { Request::setTrustedProxies($existing); $this->setNextResponse(); $this->request('GET', '/', array('REMOTE_ADDR' => '10.0.0.1')); $this->assertEquals($expected, Request::getTrustedProxies()); }
public function boot(Application $app) { if ($proxies = $app['config']->get('general/trustProxies')) { Request::setTrustedProxies($proxies); } }