Closed jberns88 closed 5 years ago
nerdlibfront
commented
6 years ago Just updated from 0.5 to 1.1 and i got the same problem. Thing is that we don't know the load balancer ip addresses, they might also change over time. As far as i see it the current approach of forcing to check for the ip of the proxy makes the MW unusable with AWS. Thing is only the ELB can access the web instances, so we can be sure that incoming http requests can be trusted regarding the headers from proxy.
akrabat
commented
5 years ago I think you can set $checkProxyHeaders to an empty array and it'll work as you expect.
akrabat
commented
5 years ago From the README:
If you configure to check the proxy headers (first parameter is
true), you have to provide an array of trusted proxies as the second parameter. If the array is empty, the proxy headers will always be evaluated.
(emphasis mine)
Hi Guys,
AWS doesn't specify the private IP address for my application load balancer. I think from what I've read online the number of addresses can change as the load balancer scales. So essentially I need to be able to check the proxy headers without the trusted proxies list and/or use a netmask? I can do the work to add this feature if you think this change is acceptable?