[FrameworkBundle] add a private_ranges shortcut for trusted_proxies #52924

Merged
merged 1 commit into from
Jan 2, 2024

@xabbuh (Member) commented Dec 7, 2023

| Q             | A
| ------------- | ---
| Branch?       | 7.1
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Issues        | Fix #51826
| License       | MIT

@danielburger1337 (Contributor)

There are some scenarios where additional private IPs are used for reverse proxies. For example, I know of multiple setups where the forwarded proxy is 127.0.0.1 (mainly Nginx -> Apache on the same machine without containerization).

There is also the case of Azure load balancer. I don't know if they still actively deploy this or not, but at least they used to use a little-known feature called IPv6 "IPv4 mapped addresses" ::ffff:0:0/96.

Wouldn't it make sense to add this to the shortcut as well? And if yes, why not just use the IpUtils::PRIVATE_SUBNETS constant? symfony/framework-bundle has a dependency on http-foundation anyways.

@xabbuh (Member, Author) commented Dec 8, 2023

> Wouldn't it make sense to add this to the shortcut as well? And if yes, why not just use the IpUtils::PRIVATE_SUBNETS constant? symfony/framework-bundle has a dependency on http-foundation anyways.

sounds reasonable to me, I have changed the code accordingly
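
What the shortcut decides at request time, as an added example that is not part of the pull request or of Symfony's code: `X-Forwarded-For` is honoured only when the directly connected peer falls inside the trusted list. It assumes symfony/http-foundation 6.3 or later installed via Composer; `clientIpFor` is a hypothetical helper and every address is a constructed sample from documentation ranges.

```php
<?php
// Added example, not code from the PR. Assumes symfony/http-foundation >= 6.3
// (where IpUtils::PRIVATE_SUBNETS is defined) installed under ./vendor.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\IpUtils;
use Symfony\Component\HttpFoundation\Request;

// Trust the forwarding header only from peers in the private subnets list,
// the constant the discussion above settled on for the shortcut.
Request::setTrustedProxies(IpUtils::PRIVATE_SUBNETS, Request::HEADER_X_FORWARDED_FOR);

/**
 * Hypothetical helper: build a request as seen from $peer (REMOTE_ADDR)
 * carrying $forwardedFor, and return the client IP Symfony resolves.
 */
function clientIpFor(string $peer, string $forwardedFor): ?string
{
    $request = Request::create('/', 'GET', [], [], [], [
        'REMOTE_ADDR' => $peer,
        'HTTP_X_FORWARDED_FOR' => $forwardedFor,
    ]);

    return $request->getClientIp();
}

// Constructed cases: [directly connected peer, X-Forwarded-For value].
$cases = [
    'Nginx -> Apache on the same machine' => ['127.0.0.1', '203.0.113.7'],
    'proxy in RFC 1918 space' => ['10.0.0.5', '203.0.113.7'],
    'public peer sending the header itself' => ['198.51.100.20', '203.0.113.7'],
];

foreach ($cases as $label => [$peer, $forwardedFor]) {
    printf("%-40s peer=%-15s client=%s\n", $label, $peer, clientIpFor($peer, $forwardedFor));
}
```

In the first two cases the forwarded address is reported as the client; in the third the peer is not a trusted proxy, so the header is ignored and the peer address itself is reported. The same trust applies to every host in the listed ranges that can reach the application directly, not only to the intended proxy.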

@nicolas-grekas (Member) left a comment

LGTM, rebase needed

@nicolas-grekas (Member)

Thank you @xabbuh.

@nicolas-grekas nicolas-grekas merged commit c8adc20 into symfony:7.1 Jan 2, 2024
@xabbuh xabbuh deleted the issue-51826 branch January 2, 2024 09:38
@fabpot fabpot mentioned this pull request May 2, 2024
nicolas-grekas added a commit that referenced this pull request Sep 3, 2024
…or private IP address ranges to `Request::setTrustedProxies()` (nicolas-grekas)

This PR was merged into the 7.2 branch.

Discussion
----------

[HttpFoundation] Add `PRIVATE_SUBNETS` as a shortcut for private IP address ranges to `Request::setTrustedProxies()`

| Q             | A
| ------------- | ---
| Branch?       | 7.2
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Issues        | -
| License       | MIT

Let's save some memory allocations and callbacks when we can.

Tweaks #33574 and #52924

Commits
-------

6bd4b4a [HttpFoundation] Add `PRIVATE_SUBNETS` as a shortcut for private IP address ranges to `Request::setTrustedProxies()`
Successfully merging this pull request may close these issues.

[Framework] trusted_proxies: private_ranges