setTrustedProxies() public static method

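You should only list the reverse proxies that you manage directly. Forwarded headers such as X-Forwarded-For are honored only on requests that arrive from a listed address, so every entry is a peer that is allowed to state the client IP on the client's behalf.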
public static setTrustedProxies ( array $proxies )
$proxies array A list of trusted proxies
Esempio n. 1
             $json = $swagger->getResource($resourceName, $resourceOptions);
             $resourceName = str_replace(DIRECTORY_SEPARATOR, '-', ltrim($resourceName, DIRECTORY_SEPARATOR));
             $output[$resourceName] = $json;
         }
         $filename = $docDir . '/api-docs.json';
         file_put_contents($filename, Swagger::jsonEncode($resourceList, true));
         foreach ($output as $name => $json) {
             $name = str_replace(DIRECTORY_SEPARATOR, '-', ltrim($name, DIRECTORY_SEPARATOR));
             $filename = $docDir . '/' . $name . '.json';
             file_put_contents($filename, $json);
         }
     }
 }
 // Enable forwarded-header handling when the package is configured as running behind a reverse proxy.
 if (Config::get('swagger.behind-reverse-proxy')) {
     // NOTE(review): REMOTE_ADDR is the address of whichever peer opened this connection, so this marks
     // every direct peer as a trusted proxy. If the application can be reached without passing through the
     // proxy, X-Forwarded-* headers supplied by the client are honoured. A fixed list of the proxy addresses
     // you operate, read from configuration, keeps the trust decision independent of the request.
     $proxy = Request::server('REMOTE_ADDR');
     Request::setTrustedProxies(array($proxy));
 }
 // Configure the delimiters Blade uses for its escaped-content tags and its content tags.
 Blade::setEscapedContentTags('{{{', '}}}');
 Blade::setContentTags('{{', '}}');
 // Need the / at the end to avoid CORS errors on Homestead systems.
 // NOTE(review): 'secure' is taken from Request::secure(); behind a proxy that value presumably follows the
 // forwarded protocol header, so it is only as reliable as the trusted-proxy list set for this request.
 $response = response()->view('swagger::index', array('secure' => Request::secure(), 'urlToDocs' => url(Config::get('swagger.doc-route')), 'requestHeaders' => Config::get('swagger.requestHeaders')));
 //need the / at the end to avoid CORS errors on Homestead systems.
 /*$response = Response::make(
       View::make('swaggervel::index', array(
               'secure'         => Request::secure(),
               'urlToDocs'      => url(Config::get('swaggervel.doc-route')),
               'requestHeaders' => Config::get('swaggervel.requestHeaders') )
       ),
       200
   );*/
 if (Config::has('swagger.viewHeaders')) {
Esempio n. 2
// Register events first so that they can be used by other providers.
// The provider is read from the 'app.providers.core_events' configuration key.
$list->registerProvider($config->get('app.providers.core_events'));
// Register all other providers, as listed under the 'app.providers' configuration key.
$list->registerProviders($config->get('app.providers'));
/**
 * ----------------------------------------------------------------------------
 * Set trusted proxies and headers for the request
 * ----------------------------------------------------------------------------
 */
// Forwarded-header names come from configuration; each key/value pair is handed to setTrustedHeaderName().
$proxyHeaders = $config->get('concrete.security.trusted_proxies.headers');
if ($proxyHeaders) {
    foreach ($proxyHeaders as $key => $value) {
        Request::setTrustedHeaderName($key, $value);
    }
}
// The trusted proxy list is whatever the configuration names; nothing is derived from the incoming request.
$trustedProxiesIps = $config->get('concrete.security.trusted_proxies.ips');
if ($trustedProxiesIps) {
    Request::setTrustedProxies($trustedProxiesIps);
}
/**
 * ----------------------------------------------------------------------------
 * Legacy Definitions
 * ----------------------------------------------------------------------------
 */
// Legacy constants, filled from the loaded configuration.
define('APP_VERSION', $config->get('concrete.version'));
define('APP_CHARSET', $config->get('concrete.charset'));
try {
    define('BASE_URL', \Core::getApplicationURL());
} catch (\Exception $x) {
    // The application URL could not be resolved: print the message and stop with exit status 1.
    // NOTE(review): the raw exception message goes to the response body; confirm it cannot carry
    // internal paths or configuration details.
    echo $x->getMessage();
    die(1);
}
define('DIR_REL', $cms['app_relative_path']);
<?php

/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/
// Trust a fixed set of upstream CIDR ranges as reverse proxies.
// NOTE(review): these look like a CDN's published IPv4 ranges (presumably Cloudflare's; confirm against the
// provider's current list). A hard-coded snapshot goes stale: a range the provider has given up stays
// trusted, and a newly added range is not trusted, so its requests report the proxy's address as the
// client. Only IPv4 ranges are listed.
Request::setTrustedProxies(['103.21.244.0/22', '103.22.200.0/22', '103.31.4.0/22', '104.16.0.0/12', '108.162.192.0/18', '141.101.64.0/18', '162.158.0.0/15', '172.64.0.0/13', '173.245.48.0/20', '188.114.96.0/20', '190.93.240.0/20', '197.234.240.0/22', '198.41.128.0/17', '199.27.128.0/21']);
// Dashboard pages: every URI below is a GET route served by PageController@showPage
// behind the 'dashboard' middleware, registered in the order listed.
Route::group(['middleware' => 'dashboard'], function () {
    $pages = [
        '/' => 'home',
        '/configurations' => 'config',
        '/sidebar-menu' => 'sidebar',
        '/alert' => 'alert',
        '/breadcrumbs' => 'breadcrumbs',
        '/view-customise' => 'customise.index',
        '/view-customise/logo' => 'customise.logo',
        '/view-customise/topbar' => 'customise.topbar',
        '/view-customise/sidebar' => 'customise.sidebar',
        '/view-customise/control-sidebar' => 'customise.control_sidebar',
        '/view-customise/footer' => 'customise.footer',
        '/view-customise/assets/head' => 'customise.assets.head',
        '/view-customise/assets/foot' => 'customise.assets.foot',
    ];

    foreach ($pages as $uri => $routeName) {
        Route::get($uri, ['as' => $routeName, 'uses' => 'PageController@showPage']);
    }
});
Route::post('/alerts', function () {
    if (Input::has('success')) {
        app('alert')->success(Input::get('message'));
| Here you may handle any errors that occur in your application, including
| logging them or displaying custom views for specific errors. You may
| even register several error handlers to handle different types of
| exceptions. If nothing is returned, the default error view is
| shown, which includes a detailed stack trace during debug.
|
*/
// Log every exception that reaches the application error handler. The handler returns nothing, so the
// default error view is used; per the note above it shows a detailed stack trace while debug is on,
// so debug should be off wherever untrusted users can reach the application.
App::error(function (Exception $exception, $code) {
    Log::error($exception);
});
/*
|--------------------------------------------------------------------------
| Application Proxy Configuration
|-------------------------------------------------------------------------
|
| NOTE(review): '*' is not an address or a CIDR range. Whether it acts as a
| wildcard depends on the framework version or proxy package in use; confirm.
| If it does, every peer is treated as a trusted proxy and forwarded headers
| are accepted from any client that can connect directly. If it does not,
| the entry matches no peer and the call trusts nothing. Listing the
| specific proxy addresses you operate avoids both outcomes.
|
*/
Request::setTrustedProxies(array('*'));
/*
|--------------------------------------------------------------------------
| Maintenance Mode Handler
|--------------------------------------------------------------------------
|
| The "down" Artisan command gives you the ability to put an application
| into maintenance mode. Here, you will define what is displayed back
| to the user if maintenance mode is in effect for the application.
|
*/
// While maintenance mode is in effect, answer with a short message and HTTP status 503.
App::down(function () {
    return Response::make("Be right back!", 503);
});
/*
|--------------------------------------------------------------------------
Esempio n. 5
<?php

/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/
App::before(function ($request) {
    // NOTE(review): getClientIP() is evaluated for each request, so the address marked as a trusted proxy
    // is the sender of that same request (the direct peer, assuming no proxy was trusted earlier).
    // Forwarded headers are then accepted from any peer that can reach the application directly, which
    // defeats the purpose of a trust list. Prefer a fixed list of your own proxy addresses, read from
    // configuration.
    Request::setTrustedProxies([$request->getClientIP()]);
});
// No work is registered for the "after" event.
App::after(function ($request, $response) {
    //
});
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('auth', function () {
    if (Auth::guest()) {
        return Redirect::to('user/login');
Esempio n. 6
/*
|--------------------------------------------------------------------------
| Laraeval Routes
|--------------------------------------------------------------------------
|
*/
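// Filter access by IP
//
// Aborts with 401 unless the resolved client IP is listed in 'laraeval::allowed_ips'.
// The client IP is resolved after the trusted proxies from 'laraeval::trusted_proxies'
// have been applied, so the allow-list is only as strong as that proxy list.
Route::filter('ipaddr', function () {
    $allowed_ips = Config::get('laraeval::allowed_ips');
    // check for proxy
    $proxies = Config::get('laraeval::trusted_proxies');
    if ($proxies === '*') {
        // NOTE(review): '*' trusts the peer of the current request, whoever it is. Forwarded
        // headers are then taken from any client that can connect directly, so the IP
        // allow-list below no longer restricts access. Configure the specific proxy
        // addresses instead of '*' wherever this filter is the access control.
        $proxies = array(Request::getClientIp());
    }
    // setTrustedProxies() takes an array; any other configured value (unset, null, a bare
    // string) previously raised an error here and now means "trust no proxy".
    if (is_array($proxies)) {
        Request::setTrustedProxies($proxies);
    }
    $user_ip = Request::getClientIp();
    // Compare strictly, and deny when the allow-list is missing or malformed rather than
    // depending on how in_array() reacts to a non-array.
    if (!is_array($allowed_ips) || !in_array($user_ip, $allowed_ips, true)) {
        App::abort(401, sprintf('Access Denied from %s!', htmlentities($user_ip)));
    }
});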
// Main page for entering the code
Route::get('laraeval', array('before' => 'ipaddr', function () {
    $default_code = <<<CODE
// Laraeval Shortcut
// -----------------
// CTRL+ENTER for executing the code
// CTRL+, for switching to code window
// CTRL+. for switching to output window
// CTRL+SHIFT+. for switching to profiler window
CODE;
Esempio n. 7
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/
App::before(function ($request) {
    // CloudFlare IP addresses to trust
    // Proxies obtained from https://www.cloudflare.com/ips-v4
    // Cached for 1 week (24 * 60 * 7 is the number of minutes in a week)
    //
    // NOTE(review): the fetched body is split on "\n" and cached as the trust list without any check.
    // A trailing newline leaves an empty entry, and an unexpected response body (an error page, for
    // instance) would be cached as "trusted proxies" for the whole week. Validate each line as an IP or
    // CIDR range and reject an empty result before caching. Only the IPv4 list is loaded, and on a
    // cache miss the fetch runs inside the request.
    try {
        Request::setTrustedProxies(Cache::remember('cloudflare.ips', 24 * 60 * 7, function () {
            // This $request is local to the closure; it presumably holds the HTTP response of the fetch.
            $request = App::make('guzzle')->get('https://www.cloudflare.com/ips-v4');
            return explode("\n", $request->getBody());
        }));
    } catch (Exception $e) {
        // On failure setTrustedProxies() is not reached here: the cache key is dropped and the
        // error is logged, and the request continues.
        Cache::forget('cloudflare.ips');
        Log::error($e);
    }
    // If request is not secured and force secured connection is enabled
    // then we need to redirect the user to a secure link.
    // The redirect is skipped when the direct peer (REMOTE_ADDR) is 127.0.0.1 or fails the
    // FILTER_FLAG_NO_PRIV_RANGE validation.
    // NOTE(review): Request::secure() presumably relies on the forwarded protocol header from a trusted
    // proxy; if the proxy list above failed to load, requests the proxy received over HTTPS may look
    // insecure here and be redirected again. Confirm the failure path.
    if (!Request::secure() && Config::get('bfacp.site.ssl') && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) {
        // Rebuild the requested path, keeping the query string when there is one.
        $path = Request::path();
        if (strlen(Request::server('QUERY_STRING')) > 0) {
            $path .= '?' . Request::server('QUERY_STRING');
        }
        // POST, PUT and DELETE are redirected with 307, everything else with 302.
        $status = in_array(Request::getMethod(), ['POST', 'PUT', 'DELETE']) ? 307 : 302;
        return Redirect::secure($path, $status);
    }
Esempio n. 8
// Message replacer for the 'mbmax' rule: fills the ":max" placeholder with the rule's first parameter.
Validator::replacer('mbmax', function ($message, $attribute, $rule, $parameters) {
    $limit = $parameters[0];

    return str_replace(':max', $limit, $message);
});
/*
|--------------------------------------------------------------------------
| Trust proxy headers
|--------------------------------------------------------------------------
|
| Checks if the site is behind a proxy server (or a load balancer) and
| set whether to trust the client IP sent in the request that comes via
| the proxy intermediary.
|
*/
if (Site::config('general')->proxy) {
    // Trust the client proxy address
    // NOTE(review): getClientIp() is read from the current request, so the address being trusted is the
    // sender of that request (the direct peer, assuming no proxy was trusted earlier). With the site
    // setting on, X-Forwarded-For and X-Forwarded-Proto are accepted from any peer that can connect
    // directly. Prefer trusting the configured address of the proxy or load balancer itself.
    Request::setTrustedProxies(array(Request::getClientIp()));
    // Trust the client IP header
    Request::setTrustedHeaderName(\Symfony\Component\HttpFoundation\Request::HEADER_CLIENT_IP, 'X-Forwarded-For');
    // Trust the client protocol header
    Request::setTrustedHeaderName(\Symfony\Component\HttpFoundation\Request::HEADER_CLIENT_PROTO, 'X-Forwarded-Proto');
}
/*
|--------------------------------------------------------------------------
| Handle application errors
|--------------------------------------------------------------------------
|
| Shows custom screens for app errors. This is mainly done to show a
| friendly error message and to throw errors with ease from the view.
|
*/
App::error(function ($exception, $code) {