mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-09 16:24:51 +00:00
Configure trust proxies
This commit is contained in:
parent
438fb3c514
commit
1af0b8abbb
1 changed files with 56 additions and 0 deletions
56
config/trustproxies.php
Normal file
56
config/trustproxies.php
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
return [
|
||||||
|
/*
|
||||||
|
* Set trusted proxy IP addresses.
|
||||||
|
*
|
||||||
|
* Both IPv4 and IPv6 addresses are
|
||||||
|
* supported, along with CIDR notation.
|
||||||
|
*
|
||||||
|
* The "*" character is syntactic sugar
|
||||||
|
* within TrustedProxy to trust any proxy
|
||||||
|
* that connects directly to your server,
|
||||||
|
* a requirement when you cannot know the address
|
||||||
|
* of your proxy (e.g. if using Rackspace balancers).
|
||||||
|
*
|
||||||
|
* The "**" character is syntactic sugar within
|
||||||
|
* TrustedProxy to trust not just any proxy that
|
||||||
|
* connects directly to your server, but also
|
||||||
|
* proxies that connect to those proxies, and all
|
||||||
|
* the way back until you reach the original source
|
||||||
|
* IP. It will mean that $request->getClientIp()
|
||||||
|
* always gets the originating client IP, no matter
|
||||||
|
* how many proxies that client's request has
|
||||||
|
* subsequently passed through.
|
||||||
|
*/
|
||||||
|
'proxies' => explode(env('TRUST_PROXIES', ''), ','),
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Default Header Names
|
||||||
|
*
|
||||||
|
* Change these if the proxy does
|
||||||
|
* not send the default header names.
|
||||||
|
*
|
||||||
|
* Note that headers such as X-Forwarded-For
|
||||||
|
* are transformed to HTTP_X_FORWARDED_FOR format.
|
||||||
|
*
|
||||||
|
* The following are Symfony defaults, found in
|
||||||
|
* \Symfony\Component\HttpFoundation\Request::$trustedHeaders
|
||||||
|
*
|
||||||
|
* You may optionally set headers to 'null' here if you'd like
|
||||||
|
* for them to be considered untrusted instead. Ex:
|
||||||
|
*
|
||||||
|
* Illuminate\Http\Request::HEADER_CLIENT_HOST => null,
|
||||||
|
*
|
||||||
|
* WARNING: If you're using AWS Elastic Load Balancing or Heroku,
|
||||||
|
* the FORWARDED and X_FORWARDED_HOST headers should be set to null
|
||||||
|
* as they are currently unsupported there.
|
||||||
|
*/
|
||||||
|
'headers' => [
|
||||||
|
(defined('Illuminate\Http\Request::HEADER_FORWARDED') ? Illuminate\Http\Request::HEADER_FORWARDED : 'forwarded') => 'FORWARDED',
|
||||||
|
Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR',
|
||||||
|
Illuminate\Http\Request::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST',
|
||||||
|
Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
|
||||||
|
Illuminate\Http\Request::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT',
|
||||||
|
]
|
||||||
|
];
|
Loading…
Reference in a new issue