diff --git a/web/app.php b/web/app.php
index 17acb7f..d324ad6 100644
--- a/web/app.php
+++ b/web/app.php
@@ -13,6 +13,7 @@ $kernel = new AppKernel('prod', false);
 // When using the HttpCache, you need to call the method in your front controller instead of relying on the configuration parameter
 //Request::enableHttpMethodParameterOverride();
 $request = Request::createFromGlobals();
+Request::setTrustedProxies([$request->server->get('REMOTE_ADDR')],Request::HEADER_X_FORWARDED_ALL);
 $response = $kernel->handle($request);
 $response->send();
 $kernel->terminate($request, $response);
diff --git a/web/app_dev.php b/web/app_dev.php
index 5888397..f4b042d 100644
--- a/web/app_dev.php
+++ b/web/app_dev.php
@@ -10,13 +10,13 @@ use Symfony\Component\Debug\Debug;
 // This check prevents access to debug front controllers that are deployed by accident to production servers.
 // Feel free to remove this, extend it, or make something more sophisticated.
-//if (isset($_SERVER['HTTP_CLIENT_IP'])
-// || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
-// || !(in_array(@$_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1']) || php_sapi_name() === 'cli-server')
-//) {
-// header('HTTP/1.0 403 Forbidden');
-// exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
-//}
+if (isset($_SERVER['HTTP_CLIENT_IP'])
+ || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
+ || !(in_array(@$_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1']) || php_sapi_name() === 'cli-server')
+) {
+ header('HTTP/1.0 403 Forbidden');
+ exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
+}
 /** @var \Composer\Autoload\ClassLoader $loader */
 $loader = require __DIR__.'/../app/autoload.php';
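Review bot: The added `Request::setTrustedProxies([$request->server->get('REMOTE_ADDR')], ...)` in web/app.php marks whichever peer opened the connection as a trusted proxy, so every `X-Forwarded-*` header is accepted from any client that can reach the server directly. The client IP, host and scheme the application sees then become caller-controlled, which matters for IP-based access rules, audit logs and generated absolute URLs. This is only sound if the web server accepts connections exclusively from the load balancer, and nothing visible in the hunk enforces or documents that. Prefer pinning the list, e.g. `Request::setTrustedProxies(['<proxy address or CIDR>'], Request::HEADER_X_FORWARDED_ALL);` with the value taken from deployment configuration; the same line is added in the second hunk of web/app_dev.php.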
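Review bot: The restored guard in web/app_dev.php exempts `php_sapi_name() === 'cli-server'` from the `REMOTE_ADDR` check, so when the built-in server listens on a non-loopback interface the debug front controller answers any peer that sends no `Client-IP` or `X-Forwarded-For` header. That deserves a comment above the condition, such as `// cli-server skips the address check: bind the built-in server to 127.0.0.1 only.` As a smaller style point, `in_array(..., true)` and an `isset($_SERVER['REMOTE_ADDR'])` test would avoid the loose comparison and the `@` suppression.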
@@ -25,6 +25,7 @@ Debug::enable();
 $kernel = new AppKernel('dev', true);
 //$kernel->loadClassCache();
 $request = Request::createFromGlobals();
+Request::setTrustedProxies([$request->server->get('REMOTE_ADDR')],Request::HEADER_X_FORWARDED_ALL);
 $response = $kernel->handle($request);
 $response->send();
 $kernel->terminate($request, $response);
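Review bot: In web/app_dev.php this call sits behind the guard re-enabled earlier in the same file, which answers 403 to any request carrying `X-Forwarded-For` or arriving from a non-local `REMOTE_ADDR`, so a request relayed by a proxy would normally never reach it. What remains is that the other forwarded headers (host, proto, port) are honoured from whichever peer passes the guard, and with the kernel in debug mode that does not look intended. Consider deleting `Request::setTrustedProxies([$request->server->get('REMOTE_ADDR')],Request::HEADER_X_FORWARDED_ALL);` from the dev front controller unless a concrete proxy setup needs it.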