rolandverner / symfony-cloudflare
Automatically fetch Cloudflare IP ranges and configure Symfony trusted proxies.
Installs: 4
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Type:symfony-bundle
pkg:composer/rolandverner/symfony-cloudflare
Requires
- php: >=8.1
- symfony/cache: ^6.0 || ^7.0 || ^8.0
- symfony/config: ^6.0 || ^7.0 || ^8.0
- symfony/console: ^6.0 || ^7.0 || ^8.0
- symfony/dependency-injection: ^6.0 || ^7.0 || ^8.0
- symfony/http-client: ^6.0 || ^7.0 || ^8.0
- symfony/http-foundation: ^6.0 || ^7.0 || ^8.0
- symfony/http-kernel: ^6.0 || ^7.0 || ^8.0
Requires (Dev)
- phpunit/phpunit: ^10.0
- symfony/phpunit-bridge: ^6.0 || ^7.0 || ^8.0
README
This bundle automatically fetches Cloudflare's IP ranges (IPv4 and IPv6) and configures Symfony's trusted proxies. This ensures that Request::getClientIp() and other forwarded headers (like X-Forwarded-Proto) work correctly when your application is behind Cloudflare.
Features
- Automatic IP Updates: Fetches the latest IP ranges directly from Cloudflare.
- Caching: IP ranges are cached using Symfony Cache to avoid overhead on every request.
- Zero Configuration: Works out of the box with standard Symfony environment variables (
TRUSTED_PROXIES). - Flexible: Customizable headers, caching, and merging logic.
Installation
composer require rolandverner/symfony-cloudflare
After installation, you can automatically publish the configuration file to your project:
php bin/console cloudflare:install
Configuration
You can customize the bundle in config/packages/cloudflare_proxies.yaml:
cloudflare_proxies: # Mode: 'append' (default) or 'override' # 'append' adds Cloudflare IPs to your existing TRUSTED_PROXIES # 'override' replaces them entirely mode: append # Optional: custom environment variable for trusted proxies proxies_env: CLOUDFLARE_TRUSTED_PROXIES # Additional proxies to trust (e.g., your local load balancer) extra: [] # Example: # extra: # - 10.0.0.1 # - 172.16.0.0/12 # Trusted headers configuration trusted_headers: - x-forwarded-for - x-forwarded-host - x-forwarded-proto - x-forwarded-port - forwarded # Cache configuration cache: pool: cache.app key: cloudflare_proxies_ips ttl: 86400 # 24 hours
Environment Variables
By default, the bundle will automatically merge Cloudflare IPs with any proxies defined in your standard Symfony environment variable:
# .env
TRUSTED_PROXIES=127.0.0.1,10.0.0.1
If you prefer to use a custom variable name, you can change proxies_env in the configuration.
Usage
The bundle hooks into the kernel.request event with high priority (2000), so it runs before the Security component.
Commands
You can manually reload or view the cached IP ranges:
# Install the default configuration file php bin/console cloudflare:install # Force reload Cloudflare IPs into cache php bin/console cloudflare:reload # View currently cached IP ranges php bin/console cloudflare:view
Tip
While the bundle refreshes the cache automatically on request, it is recommended to set up a cron job to keep the cache warm:
0 */12 * * * php /path/to/your/project/bin/console cloudflare:reload > /dev/null 2>&1
Credits
This bundle is inspired by monicahq/laravel-cloudflare.
License
MIT