fmaj/cloudfront-trusted-proxies

Provides a way to retrieve cloudfront proxies ip ranges with caching mechanism

1.0.3 2020-03-20 19:45 UTC

This package is auto-updated.

Last update: 2024-11-06 10:43:41 UTC


README

Build codecov Latest Stable Version Total Downloads Latest Unstable Version License

Provides a way to retrieve cloudfront proxies ip ranges with caching mechanism

Installation

composer require fmaj/cloudfront-trusted-proxies

Symfony context

The initial purpose of this library was to be used in a symfony project, but it's theorically operational in other contexts like a laravel project.

As refered to the Symfony official documentation , if you are using CloudFront on top of your load balancer symfony does not provide an easy way to trust proxies traffic, as it will only trust the node sitting directly above your application (in this case your load balancer).

That's why you also need to append the IP addresses or ranges of any additional proxy (in this case CloudFront IP ranges) to the array of trusted proxies.

Usage

You have to inject a CacheInterface instance to the ProxiesHelper constructor.

In this example a FilesystemAdapter instance (from symfony/cache) is used to store the cloudfront ips for one hour (3600 seconds).

Note the filesystem cache adapter is often the worst choice for caching performances in production (except on tmpfs storage).

// public/index.php
use Fmaj\CloudfrontTrustedProxies\ProxiesHelper;
use Symfony\Component\Cache\Adapter\FilesystemAdapter;
use Symfony\Component\HttpFoundation\Request;

/** @var \Psr\Cache\CacheItemPoolInterface $cachePool */
$cachePool = new FilesystemAdapter('cloudfront_trusted_ips', 3600);
$proxyHelper = new ProxiesHelper($cachePool);
Request::setTrustedProxies(
    $proxyHelper->list(),
    Request::HEADER_X_FORWARDED_AWS_ELB
);