From dd88a334ea28bb25e6feb4c201273052e7dfe8ab Mon Sep 17 00:00:00 2001
From: Fred Cox <mcfedr@gmail.com>
Date: Tue, 12 Nov 2019 12:05:02 +0200
Subject: [PATCH] Add tip for trusted_proxies

---
 deployment/proxies.rst | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/deployment/proxies.rst b/deployment/proxies.rst
index 7cfe4658455..c2f45a97bad 100644
--- a/deployment/proxies.rst
+++ b/deployment/proxies.rst
@@ -76,6 +76,17 @@ That's it! It's critical that you prevent traffic from all non-trusted sources.
 If you allow outside traffic, they could "spoof" their true IP address and
 other information.
 
+.. tip::
+
+    In applications using :ref:`Symfony Flex <symfony-flex>` you can set the
+    TRUSTED_PROXIES env var:
+
+    .. code-block:: bash
+
+        # .env
+        TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR
+
+
 If you are also using a reverse proxy on top of your load balancer (e.g.
 `CloudFront`_), calling ``$request->server->get('REMOTE_ADDR')`` won't be
 enough, as it will only trust the node sitting directly above your application