All geek questions in one place

Heroku trusted proxies

I am running a symfony2 application on Heroku , and I need to get trusted proxies (IP addresses) for which my application will work, as described here: http://symfony.com/blog/new-in-symfony-2-3 -use-sub-networks-to-configure-trusted-proxies

There is a mention of the IP addresses that Dyno can get in Dyno>, which say:

When you run multiple speakers, applications are distributed among several nodes of the dinosaur. Access to your application always goes through routers.

As a result, dynos does not have static IP addresses. Although you will never be able to connect to dino directly, outgoing requests from dino may occur. However, you can rely on the dynos IP address to change as it restarts in different places.

There are several options in the structure:

framework:
    trust_proxy_headers: true

But it will soon be obsolete ...

Thanks!:)

+3
source share
3 answers

You can probably just add a call to your front controller that trusts the incoming IP address (since the only way to get to your server is through the Heroku routing layer):

Request::setTrustedProxies(array($_SERVER['REMOTE_ADDR']));
+4
source

Heroku Symfony Heroku , , , Symfony Heroku, X-Forwarded-For, X-Forwarded-Proto X-Forwarded-Port. .

:

$trustedHeaders = [
    Request::HEADER_X_FORWARDED_FOR,
    Request::HEADER_X_FORWARDED_PROTO,
    Request::HEADER_X_FORWARDED_PORT,
];
Request::setTrustedProxies(
    array($_SERVER['REMOTE_ADDR']),
    array_reduce($trustedHeaders, function($carry, $value) {
        return $carry ^ $value;
    }, 0)
);
0

Hm, on Heroku, a dynos-based application is only accessible through a layer / proxy routing server, so you should trust everything. In addition, the IP addresses of the routers that proxies request from your application are not known.

Request::setTrustedProxies(array('0.0.0.0/0'));
-1
source

Source: https://habr.com/ru/post/1613837/

More articles:


All Articles