From d971cea1c706ff93df2c16bedfd7c0223a5514a8 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Thu, 19 Sep 2024 13:30:17 +0200 Subject: [PATCH] =?UTF-8?q?[HttpFoundation]=C2=A0Document=20the=20PRIVATE?= =?UTF-8?q?=5FSUBNETS=20string?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deployment/proxies.rst | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/deployment/proxies.rst b/deployment/proxies.rst index 40c2550ee2c..fc6f855451d 100644 --- a/deployment/proxies.rst +++ b/deployment/proxies.rst @@ -143,9 +143,17 @@ In this case, you'll need to - *very carefully* - trust *all* proxies. framework: # ... # trust *all* requests (the 'REMOTE_ADDR' string is replaced at - # run time by $_SERVER['REMOTE_ADDR']) + # runtime by $_SERVER['REMOTE_ADDR']) trusted_proxies: '127.0.0.1,REMOTE_ADDR' + # you can also use the 'PRIVATE_SUBNETS' string, which is replaced at + # runtime by the IpUtils::PRIVATE_SUBNETS constant + # trusted_proxies: '127.0.0.1,PRIVATE_SUBNETS' + +.. versionadded:: 7.2 + + The support for the ``'PRIVATE_SUBNETS'`` string was introduced in Symfony 7.2. + That's it! It's critical that you prevent traffic from all non-trusted sources. If you allow outside traffic, they could "spoof" their true IP address and other information.
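Review bot: The added `# trusted_proxies: '127.0.0.1,PRIVATE_SUBNETS'` comment sits inside the example whose existing comment reads "trust *all* requests", under the sentence about trusting *all* proxies, but nothing in the new lines says how `PRIVATE_SUBNETS` differs from `REMOTE_ADDR`. A reader can come away thinking the two are equivalent. Suggest stating in the comment that `PRIVATE_SUBNETS` trusts only senders whose address falls inside the ranges of `IpUtils::PRIVATE_SUBNETS`, and either listing those ranges or cross-referencing the constant so the reader does not have to open the source to learn what is being trusted. It would also help to tie this to the closing paragraph: any host inside those private ranges that can reach the application is treated as a trusted proxy, so the "prevent traffic from all non-trusted sources" warning applies to neighbours on the same private network as well as to outside traffic. Minor: the `versionadded` text could read "Support for the ``'PRIVATE_SUBNETS'`` string was introduced in Symfony 7.2." without the leading "The".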