Jan 18, 2017 · Jan 22, 2017 · Jan 18, 2017
diff --git a/components/http_foundation/trusting_proxies.rst b/components/http_foundation/trusting_proxies.rst

 Since HTTP headers can be spoofed, Symfony does *not* trust these proxy
 headers by default. If you are behind a proxy, you should manually whitelist
 your proxy.

 .. versionadded:: 2.3
    CIDR notation support was introduced in Symfony 2.3, so you can whitelist whole
    subnets (e.g. ``10.0.0.0/8``, ``fc00::/7``).
 your proxy as follows:

 .. code-block:: php

    use Symfony\Component\HttpFoundation\Request;

    // only trust proxy headers coming from this IP addresses
    // put this code as early as possible in your application (e.g. in your
    // front controller) to only trust proxy headers coming from these IP addresses
    Request::setTrustedProxies(array('192.0.0.1', '10.0.0.0/8'));

 .. versionadded:: 2.3
    CIDR notation support was introduced in Symfony 2.3, so you can whitelist whole
    subnets (e.g. ``10.0.0.0/8``, ``fc00::/7``).

 You should also make sure that your proxy filters unauthorized use of these
 headers, e.g. if a proxy natively uses the ``X-Forwarded-For`` header, it
 should not allow clients to send ``Forwarded`` headers to Symfony.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -17,19 +17,20 @@ the actual host may be stored in an ``X-Forwarded-Host`` header.

		Since HTTP headers can be spoofed, Symfony does not trust these proxy
		headers by default. If you are behind a proxy, you should manually whitelist
		your proxy.

		.. versionadded:: 2.3
		CIDR notation support was introduced in Symfony 2.3, so you can whitelist whole
		subnets (e.g. ``10.0.0.0/8``, ``fc00::/7``).
		your proxy as follows:
Copy link Member xabbuhJan 18, 2017 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Should we move the`versionadded` block somewhere as it may not read a bit weird with the colon here? javiereguiluz reacted with thumbs up emoji

		.. code-block:: php

		use Symfony\Component\HttpFoundation\Request;

		// only trust proxy headers coming from this IP addresses
		// put this code as early as possible in your application (e.g. in your
		// front controller) to only trust proxy headers coming from these IP addresses
		Request::setTrustedProxies(array('192.0.0.1', '10.0.0.0/8'));

		.. versionadded:: 2.3
		CIDR notation support was introduced in Symfony 2.3, so you can whitelist whole
		subnets (e.g. ``10.0.0.0/8``, ``fc00::/7``).

		You should also make sure that your proxy filters unauthorized use of these
		headers, e.g. if a proxy natively uses the ``X-Forwarded-For`` header, it
		should not allow clients to send ``Forwarded`` headers to Symfony.
Expand Down