Download the PHP package yiisoft/proxy-middleware without Composer

On this page you can find all versions of the php package yiisoft/proxy-middleware. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of yiisoft/proxy-middleware

Informations about the package proxy-middleware

Yii

Yii Proxy Middleware


Latest Stable Version Total Downloads Build status Code Coverage Mutation testing badge static analysis type-coverage psalm-level

The package provides proxy related middleware classes that implement PSR-15:

For other miscellaneous middleware, there is a separate package - Yii Middleware.

For more information on how to use middleware in the Yii Framework, see the Yii middleware guide.

Requirements

Installation

The package could be installed with Composer:

General usage

TrustedHeaderProtocolResolver

Trusted header protocol resolver sets a server request protocol based on special header you trust such as X-Forwarded-Proto.

You can use it if your server is behind a trusted load balancer or a proxy that's always setting the special header itself discarding any header values provided by user.

TrustedHostsNetworkResolver

Scans the entire connection chain and resolves the data from forwarded headers taking into account trusted IPs. Additionally, all items' structure is thoroughly validated because headers' data can't be trusted. The following data is resolved:

The typical use case is having an application behind a load balancer.

Trusted IPs

A list of trusted IPs from connection chain.

Proxies' IPs including the one in $_SERVER['REMOTE_ADDR'] must be specified here. For example, for $_SERVER['REMOTE_ADDR'] with value 18.18.18.18 and 2 other proxies - 2.2.2.2 and 8.8.8.8, the configuration will be:

The order of IPs is not important.

Forwarded header groups

Header groups to parse the data from. By including headers in this list, they are trusted automatically.

The default is:

which is an alternative/shorter way of writing this:

The accepted values are:

The header groups are processed in the order they are defined. If the header containing IP is present and is non-empty, this group will be selected and further ones will be ignored.

You can add support for custom headers and/or change priority:

For protocol, it's also possible to resolve non-standard values via mapping:

or via callable:

It's also a good idea to limit default header groups to the only guaranteed sources of data:

Typical forwarded headers

List of headers that are considered related to forwarding.

The default is:

The headers that are present in this list but missing in a matching forwarded header group will be deleted from request because they are potentially not secure and likely were not passed by a proxy server.

For example, with default forwarded header groups' setup used as well:

and with the following request headers passed:

middleware will remove these headers from request:

because RFC group is matching and the rest can't be trusted. The headers that are not declared as typical forwarded headers will be left as is (Non-Forwarded in the example above).

Accessing resolved data

Resolved IP is saved to a special request's attribute:

There is an additional attribute allowing to retrieve all previous validated and trusted connection chain items. It needs explicit configuration:

An example of contents:

Reverse-obfuscating IP identifier

You may extend middleware class and provide reverse-obfuscating logic for obfuscated IP identifiers:

Documentation

If you need help or have a question, the Yii Forum is a good place for that. You may also check out other Yii Community Resources.

License

The Yii Proxy Middleware is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.

Support the project

Open Collective

Follow updates

Official website Twitter Telegram Facebook Slack

All versions of proxy-middleware with dependencies

PHP Build Version
Package Version
Requires php Version ^8.0
ext-filter Version *
psr/http-message Version ^1.0|^2.0
psr/http-server-handler Version ^1.0
psr/http-server-middleware Version ^1.0
yiisoft/http Version ^1.2
yiisoft/network-utilities Version ^1.1
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package yiisoft/proxy-middleware contains the following files

Loading the files please wait ....