/CloudFrontProxiesBundle

Fork for usage with Symfony `^6.*`

Primary LanguagePHPMIT LicenseMIT

Cloudfront Proxies

The bundle automatically register all Cloudfront IP range to the list of the trusted proxies.

The IP range is downloaded from AWS : https://ip-ranges.amazonaws.com/ip-ranges.json

These IPs are cached for one hour by default.

Configuration

Check the default configuration below.

# config/packages/erichard_cloudfront_proxies.yaml

erichard_cloudfront_proxies:
  expire: 3600
  cache: cache.app
  ip_range_url: https://ip-ranges.amazonaws.com/ip-ranges.json

Note

The IP list is only downloaded when the request contains a Cloudfront-Forwarded-Proto header. According to the AWS documentation this header is not sent by default so you need to configure your Cloudfront distribution properly.

The bundle also take care of setting back the X-Forwarded-Proto header based on Cloudfront-Forwarded-Proto.