Merge pull request #284 from Pterodactyl/fix/trusted-proxies

Allow to set trusted proxies to allow usage of load balancers and reverse proxies
Jakob 2017-02-09 13:32:23 +01:00 committed by GitHub
commit c7d48d73c1
4 changed files with 64 additions and 0 deletions


@ -17,7 +17,9 @@ class Kernel extends HttpKernel
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\Pterodactyl\Http\Middleware\LanguageMiddleware::class,
\Fideloper\Proxy\TrustProxies::class,
];
/**
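Review bot: `\Fideloper\Proxy\TrustProxies::class` looks to be appended at the end of this middleware list, after the session and language middleware. If the list runs in array order, any earlier middleware that reads the client IP or scheme sees the proxy's values rather than the forwarded ones. Placing the entry at the top of the array avoids that, and a short comment such as `// must run first so later middleware see the forwarded client IP and scheme` would record why. The array starts above the hunk, so its first entries are not visible here.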


@ -27,6 +27,7 @@
"dingo/api": "1.0.0-beta6",
"aws/aws-sdk-php": "3.19.20",
"predis/predis": "1.1.1",
"fideloper/proxy": "3.2.0",
"laracasts/utilities": "2.1.0",
"lord/laroute": "2.3.0"
},


@ -160,6 +160,7 @@ return [
igaster\laravelTheme\themeServiceProvider::class,
Prologue\Alerts\AlertsServiceProvider::class,
Krucas\Settings\Providers\SettingsServiceProvider::class,
Fideloper\Proxy\TrustedProxyServiceProvider::class,
Laracasts\Utilities\JavaScript\JavaScriptServiceProvider::class,
Lord\Laroute\LarouteServiceProvider::class,

60
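--- a/config/trustedproxy.php
+++ b/config/trustedproxy.php
@@ -0,0 +1,60 @@
+<?php
+return [
+/*
+* Set trusted proxy IP addresses.
+*
+* Both IPv4 and IPv6 addresses are
+* supported, along with CIDR notation.
+*
+* The "*" character is syntactic sugar
+* within TrustedProxy to trust any proxy
+* that connects directly to your server,
+* a requirement when you cannot know the address
+* of your proxy (e.g. if using Rackspace balancers).
+*
+* The "**" character is syntactic sugar within
+* TrustedProxy to trust not just any proxy that
+* connects directly to your server, but also
+* proxies that connect to those proxies, and all
+* the way back until you reach the original source
+* IP. It will mean that $request->getClientIp()
+* always gets the originating client IP, no matter
+* how many proxies that client's request has
+* subsequently passed through.
+*/
+'proxies' => in_array(env('TRUSTED_PROXIES', ['*', '**'])) ?
+env('TRUSTED_PROXIES') : explode(',', env('TRUSTED_PROXIES', null)),
+/*
+* Or, to trust all proxies that connect
+* directly to your server, uncomment this:
+*/
+// 'proxies' => '*',
+/*
+* Or, to trust ALL proxies, including those that
+* are in a chain of fowarding, uncomment this:
+*/
+// 'proxies' => '**',
+/*
+* Default Header Names
+*
+* Change these if the proxy does
+* not send the default header names.
+*
+* Note that headers such as X-Forwarded-For
+* are transformed to HTTP_X_FORWARDED_FOR format.
+*
+* The following are Symfony defaults, found in
+* \Symfony\Component\HttpFoundation\Request::$trustedHeaders
+*/
+'headers' => [
+\Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR',
+\Illuminate\Http\Request::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST',
+\Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
+\Illuminate\Http\Request::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT',
+],
+];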
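Review bot: The `in_array(...)` call on the `'proxies'` line has its closing parenthesis misplaced, so `['*', '**']` becomes the default passed to `env()` and `in_array()` receives a single argument. The wildcard branch is then never selected (a warning and `null` on PHP 7, an `ArgumentCountError` on PHP 8) and the value always goes through `explode()`. With `TRUSTED_PROXIES` unset that yields `['']` rather than an empty list, and whether the library treats an array `['*']` like the string `'*'` is not visible here. I would write `'proxies' => in_array(env('TRUSTED_PROXIES'), ['*', '**'], true) ? env('TRUSTED_PROXIES') : array_filter(array_map('trim', explode(',', (string) env('TRUSTED_PROXIES', '')))),` so that an unset variable trusts nothing. The header comment should also state that `*` and `**` let any client that can reach the server directly choose the address `$request->getClientIp()` reports, so they are only appropriate where direct access is blocked at the network boundary.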