7

On symfony 2.1, there was an additional field trusted_proxies, to tell the framework which proxies it should trust. Amazon's Elastic Load Balancer tells you not to rely on the IP it's assigned, since it can change.

How do you set the trusted_proxies directive on such an environment? Currently I'm using trust_proxy_data, but it has been deprecated and is marked for removal in Symfony 2.3.

Shrujan Shetty
  • 2,298
  • 3
  • 27
  • 44
Lumbendil
  • 2,906
  • 1
  • 19
  • 24
  • Have you checked this question - http://stackoverflow.com/questions/11957811/symfony2-behind-amazon-elb-always-trust-proxy-data? – Vitalii Zurian Feb 11 '13 at 16:30
  • 5
    As I stated, in Symfony 2.3 that directive is going to be removed. I'm currently using that solution, but I was searching if there was a better option. – Lumbendil Feb 11 '13 at 16:34
  • Excuse me for my blindness :[ – Vitalii Zurian Feb 11 '13 at 17:01
  • I am not an expert on AWS, but im pretty sure they offer you a DNS name that never changes for the load balancer, so you should use that name instead of the ip address? – Feras Mar 12 '13 at 07:22

2 Answers2

0

I am not an expert on AWS, but im pretty sure they offer you a DNS name that never changes for the load balancer, so you should use that name instead of the ip address? Heres something interesting: http://nickhills.com/wp/2012/02/aws-elastic-load-balancing-with-a-static-ip-address/

Feras
  • 2,114
  • 3
  • 20
  • 42
  • If I'm not wrong Symfony2 only allows you to give IPs to that array, no DNS names, though I'll check it. I'll also check the article to see if it can fix the issue at hand, and if so, mark your answer as valid. – Lumbendil Mar 12 '13 at 14:16
  • Even if the config allows DNS names, it won't help. The IP addresses can and do change. Symphony can't constantly re-lookup the DNS name just in case it changes. – BraveNewCurrency Jul 06 '13 at 19:38
0

On symfony 2.2 they added the option to allow a range of IPs, which does solve this issue. Sadly on 2.1 you can only set trusted_proxies to true, letting all proxies modify the client IP.

Lumbendil
  • 2,906
  • 1
  • 19
  • 24