diff --git a/book/http_cache.rst b/book/http_cache.rst index 4b25eda1ebd..8ded303fe7a 100644 --- a/book/http_cache.rst +++ b/book/http_cache.rst @@ -163,7 +163,7 @@ The caching kernel will immediately act as a reverse proxy - caching responses from your application and returning them to the client. Now that you're using a "proxy", you'll need to configure ``127.0.0.1`` under -the ``trusted_proxies`` configuration (see :ref:`reference `). +the ``trusted_proxies`` configuration (see :ref:`the reference `). Without this, the client's IP address and a few other things won't report correctly. .. tip:: diff --git a/cookbook/request/load_balancer_reverse_proxy.rst b/cookbook/request/load_balancer_reverse_proxy.rst index 497d00cdf59..324cbd12838 100644 --- a/cookbook/request/load_balancer_reverse_proxy.rst +++ b/cookbook/request/load_balancer_reverse_proxy.rst @@ -1,5 +1,5 @@ -How to Configure Symfony to Work behind a Load Balancer or Reverse Proxy -======================================================================== +How to Configure Symfony to Work behind a Load Balancer or a Reverse Proxy +========================================================================== When you deploy your application, you may be behind a load balancer (e.g. an AWS Elastic Load Balancer) or a reverse proxy (e.g. Varnish for @@ -60,7 +60,8 @@ and which reverse proxy IP addresses will be doing this type of thing: In this example, you're saying that your reverse proxy (or proxies) has the IP address ``192.0.0.1`` or matches the range of IP addresses that use -the CIDR notation ``10.0.0.0/8``. For more details, see :ref:`reference-framework-trusted-proxies`. +the CIDR notation ``10.0.0.0/8``. For more details, see the +:ref:`framework.trusted_proxies ` option. That's it! Symfony will now look for the correct ``X-Forwarded-*`` headers to get information like the client's IP address, host, port and whether or @@ -80,13 +81,13 @@ In this case, you'll need to - *very carefully* - trust *all* proxies. proxies, configure Symfony to *always* trust incoming request. This is done inside of your front controller:: - // web/app.php - // ... + // web/app.php - Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR'))); + // ... + Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR'))); - $response = $kernel->handle($request); - // ... + $response = $kernel->handle($request); + // ... That's it! It's critical that you prevent traffic from all non-trusted sources. If you allow outside traffic, they could "spoof" their true IP address and @@ -97,7 +98,7 @@ My Reverse Proxy Uses Non-Standard (not X-Forwarded) Headers Most reverse proxies store information on specific ``X-Forwarded-*`` headers. But if your reverse proxy uses non-standard header names, you can configure -these (:doc:`see reference `. +these (see ":doc:`/components/http_foundation/trusting_proxies`"). The code for doing this will need to live in your front controller (e.g. ``web/app.php``). .. _`security groups`: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/using-elb-security-groups.html