Download the PHP package jasny/forwarded-middleware without Composer

On this page you can find all versions of the php package jasny/forwarded-middleware. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package forwarded-middleware

Forwarded Middleware

Build Status Scrutinizer Code Quality Code Coverage Packagist Stable Version Packagist License

Server middleware to process the Forwarded header for PSR-7 requests. Works both as PSR-15 and double pass middleware.

The middleware set the client_ip and original_url attributes for the server request. Also supports non-standard X-Forwarded-* and other custom headers.

Installation

composer require jasny/forwarded-middleware

Usage

Trusted proxies

The constructor takes a callback as only argument, which is called for each forward (separated by a comma) in the Forwarded header. Each forward should have a for directive and may have other directives like port and proto.

The first argument of the callback is the ip of the proxy server. The second argument contains the directives of this forward as associative array.

The initial value of the ip is taken from the REMOTE_ADDR server parameter. For each subsequent call gives the value of the for directive from the previous trusted forward.

Example

Forwarded: for=75.84.3.2,for=92.53.34.1,for=32.5.86.102,for=10.64.0.23
Client IP (REMOTE_ADDR) is 208.80.154.8 

This results in the following calls

The client_id is set to "32.5.86.102". Note that the for=75.84.3.2 forward isn't considered.

It's not required to trust based on IP. Alternatively you can check if the proxy has set a secret.

Original uri

Besides client_ip, the middleware will also set the original_uri attribute. This attribute is a PSR-7 URI object based on the URI of the request.

The proto and host, as well as the non-standard path and port directives are applied to create the original uri. If the port is the standard port for the proto (80 for "http" and 443 for https), it's omitted.

Only the directives of the last trusted proxy are used;

Example

HTTP/1.1 GET /foo
Host: x9.example.com
Forwarded: for=92.53.34.1, for=32.5.86.102;proto=https;port=443;host=example.com;path=/x/foo, for=10.64.0.23;proto=http;port=8080

The original_uri attribute will be "https://example.com/x/foo"

The uri of the server request is not altered.

Non-standard headers

Use CompatMiddleware in case your proxy sets X-Forwarded-* headers. This middleware will convert these headers to a Forwarded header.

By default the compat middleware uses the following headers

Custom headers

If your proxy uses other headers, you can pass custom mapping to constructor

If there are multiple headers for the same directive, the first header that's found is used. In the example above, if there is an X-Client-IP, the X-Forwarded-For header is not used.

The compat middleware supports multiple entries for any header that maps to the for directive. All other directives are applied to the first entry. This may not work as expected if X-Forwarded-For contains entries for both trusted and untrusted proxies.

The compat middleware will always replace or remove an existing Forwarded header. Typically a proxy either sets the Forwarded header or uses non-standard headers. Allowing both can lead to a security issue.

Double pass middleware

Some PHP libraries support double pass middleware instead of PSR-15 and a callable with the following signature;

To get a callback to be used by libraries as Jasny Router and Relay v1, use the asDoublePass() method.

CompatMiddleware also has an asDoublePass() method.


All versions of forwarded-middleware with dependencies

PHP Build Version
Package Version
Requires php Version >=7.2.0
psr/http-message Version ^1.0
psr/http-server-middleware Version ^1.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package jasny/forwarded-middleware contains the following files

Loading the files please wait ....