FilterUsingXForwardedHeaders
in package
implements
FilterServerRequestInterface
Modify the URI to reflect the X-Forwarded-* headers.
If the request comes from a trusted proxy, this filter will analyze the various X-Forwarded-* headers, if any, and if they are marked as trusted, in order to return a new request that composes a URI instance that reflects those headers.
Tags
Table of Contents
Interfaces
- FilterServerRequestInterface
- Filter/initialize a server request.
Constants
- HEADER_HOST = 'X-FORWARDED-HOST'
- HEADER_PORT = 'X-FORWARDED-PORT'
- HEADER_PROTO = 'X-FORWARDED-PROTO'
- X_FORWARDED_HEADERS = [self::HEADER_HOST, self::HEADER_PORT, self::HEADER_PROTO]
Properties
- $trustedHeaders : array<string|int, mixed>
- $trustedProxies : array<string|int, mixed>
Methods
- __invoke() : ServerRequestInterface
- Determine if a request needs further modification, and if so, return a new instance reflecting those modifications.
- trustAny() : self
- Trust any X-FORWARDED-* headers from any address.
- trustProxies() : self
- Indicate which proxies and which X-Forwarded headers to trust.
- trustReservedSubnets() : self
- Trust X-Forwarded headers from reserved subnetworks.
- __construct() : mixed
- Only allow construction via named constructors
- isFromTrustedProxy() : bool
- normalizeProxiesList() : array<int, non-empty-string>
- validateProxyCIDR() : bool
- validateTrustedHeaders() : void
Constants
HEADER_HOST
public
mixed
HEADER_HOST
= 'X-FORWARDED-HOST'
HEADER_PORT
public
mixed
HEADER_PORT
= 'X-FORWARDED-PORT'
HEADER_PROTO
public
mixed
HEADER_PROTO
= 'X-FORWARDED-PROTO'
X_FORWARDED_HEADERS
private
mixed
X_FORWARDED_HEADERS
= [self::HEADER_HOST, self::HEADER_PORT, self::HEADER_PROTO]
Properties
$trustedHeaders
private
array<string|int, mixed>
$trustedHeaders
= []
$trustedProxies
private
array<string|int, mixed>
$trustedProxies
= []
Methods
__invoke()
Determine if a request needs further modification, and if so, return a new instance reflecting those modifications.
public
__invoke(ServerRequestInterface $request) : ServerRequestInterface
Parameters
- $request : ServerRequestInterface
Return values
ServerRequestInterfacetrustAny()
Trust any X-FORWARDED-* headers from any address.
public
static trustAny() : self
This is functionally equivalent to calling trustProxies(['*']).
WARNING: Only do this if you know for certain that your application sits behind a trusted proxy that cannot be spoofed. This should only be the case if your server is not publicly addressable, and all requests are routed via a reverse proxy (e.g., a load balancer, a server such as Caddy, when using Traefik, etc.).
Return values
selftrustProxies()
Indicate which proxies and which X-Forwarded headers to trust.
public
static trustProxies(array<int, non-empty-string> $proxyCIDRList[, array<int, FilterUsingXForwardedHeaders::HEADER_*> $trustedHeaders = self::X_FORWARDED_HEADERS ]) : self
Parameters
- $proxyCIDRList : array<int, non-empty-string>
-
Each element may be an IP address or a subnet specified using CIDR notation; both IPv4 and IPv6 are supported. The special string "*" will be translated to two entries, "0.0.0.0/0" and "::/0". An empty list indicates no proxies are trusted.
- $trustedHeaders : array<int, FilterUsingXForwardedHeaders::HEADER_*> = self::X_FORWARDED_HEADERS
-
If the list is empty, all X-Forwarded headers are trusted.
Tags
Return values
selftrustReservedSubnets()
Trust X-Forwarded headers from reserved subnetworks.
public
static trustReservedSubnets([array<int, FilterUsingXForwardedHeaders::HEADER_*> $trustedHeaders = self::X_FORWARDED_HEADERS ]) : self
This is functionally equivalent to calling trustProxies() where the
$proxcyCIDRList argument is a list with the following:
- 10.0.0.0/8
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- ::1/128 (IPv6 localhost)
- fc00::/7 (IPv6 private networks)
- fe80::/10 (IPv6 local-link addresses)
Parameters
- $trustedHeaders : array<int, FilterUsingXForwardedHeaders::HEADER_*> = self::X_FORWARDED_HEADERS
-
If the list is empty, all X-Forwarded headers are trusted.
Tags
Return values
self__construct()
Only allow construction via named constructors
private
__construct([array<int, non-empty-string> $trustedProxies = [] ][, array<int, FilterUsingXForwardedHeaders::HEADER_*> $trustedHeaders = [] ]) : mixed
Parameters
- $trustedProxies : array<int, non-empty-string> = []
- $trustedHeaders : array<int, FilterUsingXForwardedHeaders::HEADER_*> = []
isFromTrustedProxy()
private
isFromTrustedProxy(string $remoteAddress) : bool
Parameters
- $remoteAddress : string
Return values
boolnormalizeProxiesList()
private
static normalizeProxiesList(array<int, non-empty-string> $proxyCIDRList) : array<int, non-empty-string>
Parameters
- $proxyCIDRList : array<int, non-empty-string>
Tags
Return values
array<int, non-empty-string>validateProxyCIDR()
private
static validateProxyCIDR(mixed $cidr) : bool
Parameters
- $cidr : mixed
Return values
boolvalidateTrustedHeaders()
private
static validateTrustedHeaders(array<string|int, mixed> $headers) : void
Parameters
- $headers : array<string|int, mixed>