fmaj / cloudfront-trusted-proxies
Provides a way to retrieve cloudfront proxies ip ranges with caching mechanism
Installs: 11 545
Dependents: 0
Suggesters: 0
Security: 0
Stars: 6
Watchers: 4
Forks: 2
Open Issues: 0
Requires (Dev)
- phpstan/phpstan: 0.12.*
- phpunit/phpunit: >=7.0.0
Suggests
- symfony/cache: Implementation of PSR-6 cache system
- symfony/framework-bundle: The Symfony framework
This package is auto-updated.
Last update: 2024-11-06 10:43:41 UTC
README
Provides a way to retrieve cloudfront proxies ip ranges with caching mechanism
Installation
composer require fmaj/cloudfront-trusted-proxies
Symfony context
The initial purpose of this library was to be used in a symfony project, but it's theorically operational in other contexts like a laravel project.
As refered to the Symfony official documentation , if you are using CloudFront on top of your load balancer symfony does not provide an easy way to trust proxies traffic, as it will only trust the node sitting directly above your application (in this case your load balancer).
That's why you also need to append the IP addresses or ranges of any additional proxy (in this case CloudFront IP ranges) to the array of trusted proxies.
Usage
You have to inject a CacheInterface instance to the ProxiesHelper constructor.
In this example a FilesystemAdapter instance (from symfony/cache) is used to store the cloudfront ips for one hour (3600 seconds).
Note the filesystem cache adapter is often the worst choice for caching performances in production (except on tmpfs storage).
// public/index.php use Fmaj\CloudfrontTrustedProxies\ProxiesHelper; use Symfony\Component\Cache\Adapter\FilesystemAdapter; use Symfony\Component\HttpFoundation\Request; /** @var \Psr\Cache\CacheItemPoolInterface $cachePool */ $cachePool = new FilesystemAdapter('cloudfront_trusted_ips', 3600); $proxyHelper = new ProxiesHelper($cachePool); Request::setTrustedProxies( $proxyHelper->list(), Request::HEADER_X_FORWARDED_AWS_ELB );