背后亚马逊ELB Symfony2的:永远信任代理的数据? [英] symfony2 behind Amazon ELB: always trust proxy data?
问题描述
我运行在AWS上一个Symfony2的Web应用程序,并且正在使用弹性负载均衡器。
I'm running a Symfony2 web application on AWS, and am using an Elastic Load Balancer.
在一个控制器的方法,我需要做到以下几点,以获取用户的IP请求一个网页:
In a controller method, I need to do the following to get the IP of a user requesting a web page:
$request->trustProxyData();
$clientIp = $request->getClientIp(True);
这是否present任何安全风险?我不使用的客户端IP的特权升级,我只是记录了。
Does this present any security risks? I'm not using the client IP for privilege escalation, I'm just logging it.
是否有某种方式来强制 trustProxyData()始终,或以其他方式重新配置 $请求 - > getClientIp()到 DWIM ?我的应用程序将永远是负载平衡器后面的(除了当我做我的桌面上开发)。
Is there some way to force trustProxyData() always, or otherwise reconfigure $request->getClientIp() to DWIM? My app will always be behind a load balancer (except while I do development on my desktop).
相关阅读:<一href="http://fabien.potencier.org/article/51/create-your-own-framework-on-top-of-the-symfony2-components-part-2" rel="nofollow">http://fabien.potencier.org/article/51/create-your-own-framework-on-top-of-the-symfony2-components-part-2 (但它并没有说,如果有一些全局配置,所以我没有叫 trustProxyData()到处都是)。
Related: http://fabien.potencier.org/article/51/create-your-own-framework-on-top-of-the-symfony2-components-part-2 (but it doesn't say if there's some global config so I don't have to call trustProxyData() everywhere).
推荐答案
您可以配置框架包要做到这一点:的http://symfony.com/doc/2.0/reference/configuration/framework.html#trust-proxy-headers
You can configure the framework bundle to do this: http://symfony.com/doc/2.0/reference/configuration/framework.html#trust-proxy-headers
framework:
trust_proxy_headers: true
这篇关于背后亚马逊ELB Symfony2的:永远信任代理的数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
