mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Allow trusted proxy via APP_TRUSTED_PROXIES (#9196)

Browse Source 
* Allow trusted proxy via APP_TRUSTED_PROXIES
Set to '*' by default to emulate legacy behavior.
Set up doc describing environment variables

* Create helper to parse environment variables into arrays properly.

* Update doc blocks
This commit is contained in:
Tony Murray
2018-09-13 07:26:42 -05:00
committed by GitHub
parent c222d0e516
commit 79333c45f6
12 changed files with 271 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
config/trustedproxy.php Normal file
View File

@@ -0,0 +1,51 @@
<?php
return [
/*
* Set trusted proxy IP addresses.
*
* Both IPv4 and IPv6 addresses are
* supported, along with CIDR notation.
*
* The "*" character is syntactic sugar
* within TrustedProxy to trust any proxy
* that connects directly to your server,
* a requirement when you cannot know the address
* of your proxy (e.g. if using ELB or similar).
*
*/
'proxies' => \LibreNMS\Util\Env::parseArray('APP_TRUSTED_PROXIES', '*', ['', '*', '**']),
/*
* To trust one or more specific proxies that connect
* directly to your server, use an array of IP addresses:
*/
# 'proxies' => ['192.168.1.1'],
/*
* Or, to trust all proxies that connect
* directly to your server, use a "*"
*/
# 'proxies' => '*',
/*
* Which headers to use to detect proxy related data (For, Host, Proto, Port)
*
* Options include:
*
* - Illuminate\Http\Request::HEADER_X_FORWARDED_ALL (use all x-forwarded-* headers to establish trust)
* - Illuminate\Http\Request::HEADER_FORWARDED (use the FORWARDED header to establish trust)
*
* @link https://symfony.com/doc/current/deployment/proxies.html
*/
'headers' => Illuminate\Http\Request::HEADER_X_FORWARDED_ALL,
// 'headers' => [
// (defined('Illuminate\Http\Request::HEADER_FORWARDED') ? Illuminate\Http\Request::HEADER_FORWARDED : 'forwarded') => 'FORWARDED',
// \Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR',
// \Illuminate\Http\Request::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST',
// \Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
// \Illuminate\Http\Request::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT',
// ]
];