Provides a way to retrieve cloudfront proxies ip ranges with caching mechanism
composer require fmaj/cloudfront-trusted-proxies
The initial purpose of this library was to be used in a symfony project, but it's theorically operational in other contexts like a laravel project.
As refered to the Symfony official documentation , if you are using CloudFront on top of your load balancer symfony does not provide an easy way to trust proxies traffic, as it will only trust the node sitting directly above your application (in this case your load balancer).
That's why you also need to append the IP addresses or ranges of any additional proxy (in this case CloudFront IP ranges) to the array of trusted proxies.
You have to inject a CacheInterface instance to the ProxiesHelper constructor.
In this example a FilesystemAdapter instance (from symfony/cache) is used to store the cloudfront ips for one hour (3600 seconds).
Note the filesystem cache adapter is often the worst choice for caching performances in production (except on tmpfs storage).
// public/index.php
use Fmaj\CloudfrontTrustedProxies\ProxiesHelper;
use Symfony\Component\Cache\Adapter\FilesystemAdapter;
use Symfony\Component\HttpFoundation\Request;
/** @var \Psr\Cache\CacheItemPoolInterface $cachePool */
$cachePool = new FilesystemAdapter('cloudfront_trusted_ips', 3600);
$proxyHelper = new ProxiesHelper($cachePool);
Request::setTrustedProxies(
$proxyHelper->list(),
Request::HEADER_X_FORWARDED_AWS_ELB
);