Merge branch '3.4' into 4.3

* 3.4:
  Add note on Trusted Proxies config when app is behind multiple proxies

Author: javiereguiluz

deployment/proxies.rst

@@ -76,6 +76,13 @@ That's it! It's critical that you prevent traffic from all non-trusted sources.
 If you allow outside traffic, they could "spoof" their true IP address and
 other information.
 
+If you are also using a reverse proxy on top of your load balancer (e.g.
+`CloudFront`_), calling ``$request->server->get('REMOTE_ADDR')`` won't be
+enough, as it will only trust the node sitting directly above your application
+(in this case your load balancer). You also need to append the IP addresses or
+ranges of any additional proxy (e.g. `CloudFront IP ranges`_) to the array of
+trusted proxies.
+
 Custom Headers When Using a Reverse Proxy
 -----------------------------------------
 
@@ -94,3 +101,4 @@ In this case, you'll need to set the header ``X-Forwarded-Proto`` with the value
 
 .. _`security groups`: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html
 .. _`CloudFront`: https://en.wikipedia.org/wiki/Amazon_CloudFront
+.. _`CloudFront IP ranges`: https://ip-ranges.amazonaws.com/ip-ranges.json