我运行在AWS上一个Symfony2的Web应用程序,并且正在使用弹性负载均衡器。
I'm running a Symfony2 web application on AWS, and am using an Elastic Load Balancer.
在一个控制器的方法,我需要做到以下几点,以获取用户的IP请求一个网页:
In a controller method, I need to do the following to get the IP of a user requesting a web page:
$request->trustProxyData();
$clientIp = $request->getClientIp(True);
这是否present任何安全风险?我不使用的客户端IP的特权升级,我只是记录了。
Does this present any security risks? I'm not using the client IP for privilege escalation, I'm just logging it.
是否有某种方式来强制 trustProxyData()
始终,或以其他方式重新配置 $请求 - > getClientIp()
到 DWIM ?我的应用程序将永远是负载平衡器后面的(除了当我做我的桌面上开发)。
Is there some way to force trustProxyData()
always, or otherwise reconfigure $request->getClientIp()
to DWIM? My app will always be behind a load balancer (except while I do development on my desktop).
相关阅读:http://fabien.potencier.org/article/51/create-your-own-framework-on-top-of-the-symfony2-components-part-2 (但它并没有说,如果有一些全局配置,所以我没有叫 trustProxyData()
到处都是)。
Related: http://fabien.potencier.org/article/51/create-your-own-framework-on-top-of-the-symfony2-components-part-2 (but it doesn't say if there's some global config so I don't have to call trustProxyData()
everywhere).
您可以配置框架包要做到这一点:的http://symfony.com/doc/2.0/reference/configuration/framework.html#trust-proxy-headers
You can configure the framework bundle to do this: http://symfony.com/doc/2.0/reference/configuration/framework.html#trust-proxy-headers
framework:
trust_proxy_headers: true