Description

At the moment, when using a proxy like Cloudflare, we have to setup manually the list of IP to trust based on what is documented here: https://www.cloudflare.com/ips-v4/

    # See https://www.cloudflare.com/ips-v4/#
    trusted_proxies: '173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22'

This cause multiple issues:

• I don't know which IP are from Cloudflare, which are from another proxy I may have
• I don't really know if this list if up to date
• It's rarely updated by developers anyway, but Cloudflare and other proxy are free to add and remove IP, leaving a trusted IP here can be a security risk.

I would be really convenient to leave this burden to the framework and be able to just automatically thrust Cloudflare and other proxies. The framework would be responsible of the IP list and upgrading our Symfony would also make sure the list is up to date.

Example

It could be like this:

    trusted_proxies: 'CLOUDFLARE,128.13.44.44/12'

Expanding to the full IP list from Cloudflare + 128.13.44.44/12.

Other public proxies could be added over time like Akamai, CloudFront, Fastly, redirection.io...