How to configure Laravel Trusted Proxy for an AWS load balancer?

Trust the IP ranges of AWS ELB/ALB in Laravel's configuration using this package. It automatically handles X-Forwarded headers to ensure correct client IP and HTTPS scheme detection in your app.

Laravel Trusted Proxy vs Symfony trusted proxies – which is better for Laravel?

Laravel Trusted Proxy is optimized for Laravel with easier configuration, while Symfony's native approach offers more control but requires manual setup. For Laravel apps, this package simplifies the process significantly.

What happens if I don't set a trusted proxy in Laravel?

Without it, Laravel may use proxy IPs for client info, leading to incorrect URLs, broken redirects, and inaccurate logging in production, especially when behind load balancers that terminate SSL.

How to handle security risks when trusting all proxies with Laravel Trusted Proxy?

Mitigate risks by only trusting specific proxy IPs when known, using services with published IP ranges. For unknown IPs, monitor logs and consider additional validation layers to prevent spoofing.

Can I use Laravel Trusted Proxy with CloudFlare?

Yes, it supports CloudFlare by trusting CloudFlare's IP addresses. The README links to a wiki page with IP addresses for popular services, including CloudFlare, for easy configuration.

How to upgrade from Laravel Trusted Proxy to Laravel 9's built-in proxy handling?

Remove the package via Composer and update your Laravel configuration to use the native trusted proxy settings. Follow Laravel 9 upgrade docs to ensure a smooth transition without breaking functionality.

Laravel Proxy — Laravel Trusted Proxy Package

What is Laravel Proxy?

Laravel Trusted Proxy is a PHP package that configures Laravel applications to correctly interpret HTTP requests when behind reverse proxies like load balancers or CDNs. It solves the problem of applications misidentifying client details (e.g., using proxy IPs instead of real client IPs) by properly trusting and reading X-Forwarded headers. This ensures accurate URL generation, redirects, sessions, and logging in production setups.

Target Audience

Laravel developers deploying applications behind load balancers, reverse proxies, or caching services (e.g., AWS ELB/ALB, Nginx, CloudFlare) who need correct client information handling.

Value Proposition

Developers choose this package because it provides a simple, standardized way to configure trusted proxies in Laravel, eliminating common issues with URL generation and session handling in proxied environments. Its integration with Laravel's request handling and Symfony HTTP components offers reliability and security by allowing precise control over which proxies are trusted.

Laravel Proxy Package for handling sessions when behind load balancers or other intermediaries.

Use Cases

Best For

Laravel applications deployed behind AWS Elastic Load Balancer (ELB) or Application Load Balancer (ALB)
Ensuring correct HTTPS URL generation when load balancers terminate SSL and forward HTTP to backend servers
Maintaining accurate client IP addresses for logging and session management in proxied setups
Configuring trusted proxies for applications using CDNs like CloudFlare or caching layers like Varnish
Handling X-Forwarded headers securely to prevent spoofing in production environments
Simplifying proxy configuration for Laravel apps without manual Symfony HTTP kernel adjustments

Not Ideal For

Laravel 9.x and newer applications where built-in proxy handling is available and this package is deprecated
Projects not deployed behind any reverse proxy or load balancer, as it adds unnecessary configuration complexity
Applications requiring custom or non-standard proxy header handling beyond X-Forwarded headers, such as proprietary CDN setups

Pros & Cons

Pros

Easy Proxy Configuration

Simplifies setting trusted proxy IPs in Laravel, avoiding manual adjustments to Symfony HTTP classes as described in the README, making it accessible for common deployment scenarios.

Accurate Request Details

Ensures correct URL generation, redirects, and session handling by reading X-Forwarded headers from trusted proxies, critical for load-balanced setups like AWS ELB where SSL termination occurs.

Security-Focused Design

Allows trust configuration for specific proxies, reducing the risk of header spoofing compared to trusting all proxies indiscriminately, as highlighted in the security awareness feature.

Wide Compatibility

Supports common proxies like Nginx, HAProxy, AWS ELB/ALB, and CloudFlare, with a wiki listing IP addresses for popular services, making it versatile for production environments.

Cons

Deprecated for Newer Laravel

Not needed for Laravel 9.x and above, as built-in functionality exists; using it can lead to conflicts or redundancy, and the README explicitly advises against it for Laravel 9.x.

Security Compromises with Hosted Proxies

For services like AWS ELB with unknown IPs, you must trust all proxies, which the README notes increases vulnerability to spoofed headers, a significant trade-off in security.

Framework Lock-in

Specifically tailored for Laravel, so it's useless for applications built on other PHP frameworks or custom codebases, limiting its utility in mixed-technology stacks.

Frequently Asked Questions

What is Laravel Proxy?

Target Audience

Laravel developers deploying applications behind load balancers, reverse proxies, or caching services (e.g., AWS ELB/ALB, Nginx, CloudFlare) who need correct client information handling.

Value Proposition

Use Cases

Best For

Laravel applications deployed behind AWS Elastic Load Balancer (ELB) or Application Load Balancer (ALB)
Ensuring correct HTTPS URL generation when load balancers terminate SSL and forward HTTP to backend servers
Maintaining accurate client IP addresses for logging and session management in proxied setups
Configuring trusted proxies for applications using CDNs like CloudFlare or caching layers like Varnish
Handling X-Forwarded headers securely to prevent spoofing in production environments
Simplifying proxy configuration for Laravel apps without manual Symfony HTTP kernel adjustments

Not Ideal For

Laravel 9.x and newer applications where built-in proxy handling is available and this package is deprecated
Projects not deployed behind any reverse proxy or load balancer, as it adds unnecessary configuration complexity
Applications requiring custom or non-standard proxy header handling beyond X-Forwarded headers, such as proprietary CDN setups

Pros & Cons

Pros

Easy Proxy Configuration

Simplifies setting trusted proxy IPs in Laravel, avoiding manual adjustments to Symfony HTTP classes as described in the README, making it accessible for common deployment scenarios.

Accurate Request Details

Ensures correct URL generation, redirects, and session handling by reading X-Forwarded headers from trusted proxies, critical for load-balanced setups like AWS ELB where SSL termination occurs.

Security-Focused Design

Allows trust configuration for specific proxies, reducing the risk of header spoofing compared to trusting all proxies indiscriminately, as highlighted in the security awareness feature.

Wide Compatibility

Supports common proxies like Nginx, HAProxy, AWS ELB/ALB, and CloudFlare, with a wiki listing IP addresses for popular services, making it versatile for production environments.

Cons

Deprecated for Newer Laravel

Not needed for Laravel 9.x and above, as built-in functionality exists; using it can lead to conflicts or redundancy, and the README explicitly advises against it for Laravel 9.x.

Security Compromises with Hosted Proxies

For services like AWS ELB with unknown IPs, you must trust all proxies, which the README notes increases vulnerability to spoofed headers, a significant trade-off in security.

Framework Lock-in

Specifically tailored for Laravel, so it's useless for applications built on other PHP frameworks or custom codebases, limiting its utility in mixed-technology stacks.

Frequently Asked Questions

Laravel Proxy

What is Laravel Proxy?

Overview

Use Cases

Best For

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions

Related Projects

Found a gem we're missing?

Laravel Proxy

What is Laravel Proxy?

Overview

Use Cases

Best For

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions

Related Projects

Found a gem we're missing?