Download the PHP package laravel-foundry/trusted-proxies without Composer

On this page you can find all versions of the php package laravel-foundry/trusted-proxies. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package trusted-proxies

PHP Version Packagist Downloads Packagist Stars GitHub Actions Workflow Status Coverage Status Known Vulnerabilities GitHub Issues GitHub Release License

Laravel Trusted Proxies

Laravel trusted proxies configuration for applications behind CDNs, load balancers, or Docker networks.

Why This Package?

Laravel has built-in support for trusted proxies, but configuring it correctly for real-world infrastructure — especially when combining a CDN with Docker Swarm — requires non-trivial setup across multiple files.

This package solves that with a single .env variable:

That's it. No middleware changes, no PHP configuration files, no hardcoded IP lists to maintain.

What it does that Laravel doesn't out of the box

What it does not do

It does not replace or wrap Laravel's TrustProxies middleware. It configures Request::setTrustedProxies() directly, letting Symfony's battle-tested header resolution handle everything.

Features

Requirements

Installation

1. Install the package

The package auto-registers via Laravel's service provider discovery.

2. Configure environment variables

Add to your .env file:

That's it. The package will automatically configure trusted proxies on every request.

Configuration

Environment Variables

Available Providers

Provider Description IP Source
cloudflare Cloudflare CDN Dynamic via API (cached)
aws_cloudfront AWS CloudFront CDN Static ranges
fastly Fastly CDN Static ranges
docker Docker networks (bridge, custom, Swarm ingress) Static ranges

Publish Configuration (Optional)

For advanced customization, publish the config file:

This creates config/trustedproxies.php where you can customize settings.

Usage

Basic Usage

After installation, Laravel automatically gets the real client IP:

Environment-Specific Configurations

Local Development

Staging

Production with Docker Swarm

Important: Always keep docker enabled in production when using Docker Swarm. The Swarm ingress network acts as an internal proxy, so without trusting Docker IP ranges the real client IP cannot be resolved correctly even when Cloudflare provides it in CF-Connecting-IP.

Custom Load Balancer

Multiple CDN Providers

Common Use Cases

Rate Limiting

IP Whitelisting

Logging Real IPs

How It Works

Architecture

Why Trust Docker in Production?

With Docker Swarm, requests flow through the ingress network before reaching your container:

Without trusting Docker IPs, you'd see the ingress IP (10.0.x.x) instead of the real client IP. Cloudflare sends the real IP in CF-Connecting-IP, but you still need to trust the ingress network for Symfony to process the forwarded headers correctly.

Cloudflare IP Ranges

Cloudflare IP ranges are resolved dynamically at runtime via monicahq/laravel-cloudflare, which fetches them from https://www.cloudflare.com/ips-v4 and ips-v6 and stores them in Laravel's cache. You should schedule a periodic cache refresh to keep them up to date:

Or via Laravel scheduler in routes/console.php:

Troubleshooting

Still seeing proxy IPs?

Docker Swarm issues?

Testing

More info

See here.

Changelog

Please see CHANGELOG for a detailed list of changes for each release.

We follow Semantic Versioning and use Conventional Commits to automatically generate our changelog.

Release Process

All releases are automatically created when changes are pushed to the main branch, based on commit message conventions.

Contributing

For your contributions please use:

See CONTRIBUTING for detailed guidelines.

Sponsor

Buy Me A Coffee

License

(ɔ) Copyleft 2026 Frugan.
GNU GPLv3, see LICENSE file.


All versions of trusted-proxies with dependencies

PHP Build Version
Package Version
Requires php Version >=8.2
illuminate/http Version ^10.0 || ^11.0 || ^12.0 || ^13.0
illuminate/support Version ^10.0 || ^11.0 || ^12.0 || ^13.0
monicahq/laravel-cloudflare Version ^4.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package laravel-foundry/trusted-proxies contains the following files

Loading the files please wait ...