From 95389db47d60edaf0c1488477f8361e770ca08ac Mon Sep 17 00:00:00 2001
From: Dmitrii Chekaliuk <d.chekaliuk@invisilabs.com>
Date: Sat, 9 Mar 2013 04:09:48 +0200
Subject: [PATCH] Add information about CIDR notation support in trusted proxy
 list

---
 components/http_foundation/trusting_proxies.rst | 12 +++++++++---
 reference/configuration/framework.rst           | 10 +++++++---
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/components/http_foundation/trusting_proxies.rst b/components/http_foundation/trusting_proxies.rst
index efe0c83a446..9309c00f975 100644
--- a/components/http_foundation/trusting_proxies.rst
+++ b/components/http_foundation/trusting_proxies.rst
@@ -12,13 +12,19 @@ stored in a ``X-Forwarded-Host`` header.
 
 Since HTTP headers can be spoofed, Symfony2 does *not* trust these proxy
 headers by default. If you are behind a proxy, you should manually whitelist
-your proxy::
+your proxy.
+
+.. versionadded:: 2.3
+    CIDR notation support was introduced, so you can whitelist whole
+    subnets (e.g. ``10.0.0.0/8``, ``fc00::/7``).
+
+.. code-block:: php
 
     use Symfony\Component\HttpFoundation\Request;
 
     $request = Request::createFromGlobals();
-    // only trust proxy headers coming from this IP address
-    $request->setTrustedProxies(array(192.0.0.1));
+    // only trust proxy headers coming from this IP addresses
+    $request->setTrustedProxies(array('192.0.0.1', '10.0.0.0/8'));
 
 Configuring Header Names
 ------------------------
diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst
index 0adc4abf598..409e02daeb6 100644
--- a/reference/configuration/framework.rst
+++ b/reference/configuration/framework.rst
@@ -118,23 +118,27 @@ trusted_proxies
 Configures the IP addresses that should be trusted as proxies. For more details,
 see :doc:`/components/http_foundation/trusting_proxies`.
 
+.. versionadded:: 2.3
+    CIDR notation support was introduced, so you can whitelist whole
+    subnets (e.g. ``10.0.0.0/8``, ``fc00::/7``).
+
 .. configuration-block::
 
     .. code-block:: yaml
 
         framework:
-            trusted_proxies:  [192.0.0.1]
+            trusted_proxies:  [192.0.0.1, 10.0.0.0/8]
 
     .. code-block:: xml
 
-        <framework:config trusted-proxies="192.0.0.1">
+        <framework:config trusted-proxies="192.0.0.1, 10.0.0.0/8">
             <!-- ... -->
         </framework>
 
     .. code-block:: php
 
         $container->loadFromExtension('framework', array(
-            'trusted_proxies' => array('192.0.0.1'),
+            'trusted_proxies' => array('192.0.0.1', '10.0.0.0/8'),
         ));
 
 .. _reference-framework-form: