BB-20309: Updated allowed Payflow IP addresses (#29052)

Author: oro-panasiukr

backend/bundles/commerce/PayPalBundle/index.rst

@@ -0,0 +1,37 @@
+.. _bundle-docs-commerce-paypal-bundle:
+
+OroPayPalBundle
+===============
+
+OroPayPalBundle adds |PayPal| integration to the OroCommerce application. For the OroCommerce management console administrator, the bundle provides the ability to enable and configure PayPal payment methods for customer orders. Once PayPal payment methods are enabled, customer users can pay for orders using their existing PayPal account or credit and debit cards.
+
+Testing PayPal Response
+-----------------------
+
+The process of purchasing through PayPal Payments Pro or Payflow Gateway includes listening to a notify response from PayPal servers. To make payments more secure, we have implemented the IP address filtering which only accepts responses from the PayPal server addresses` white list. The white list itself is stored in the *PayflowIPCheckListener* class by default.
+
+For this IP check to work, the bundle has to be able to resolve the IP address from the request that is coming from a PayPal server. This is usually the case in the production environment when you have your server exposed to the internet.
+
+To test the payments on the developer machine, you can use some kind of tunneling service, for example |Ngrok|. However, there can be some issues with the tunneling services. They tend to put the original request IP address in the header (e.g., `X-Forwarded-For`), and Symfony doesn't resolve this address as client IP by default.
+
+Luckily, there is a way for Symfony to do that by enabling trusted proxies. For the detailed explanation, refer to |How to Configure Symfony to Work behind a Load Balancer or a Reverse Proxy|.
+
+IP Address Whitelist Settings
+-----------------------------
+
+To change whitelist of IP addresses, define it in the ``oro_paypal`` section with the ``allowed_ips`` property:
+
+.. code-block:: yaml
+   :linenos:
+
+   oro_paypal:
+      allowed_ips:
+         - 255.255.255.1
+         - 255.255.255.2
+         - 255.255.255.3
+         - 255.255.254.0/24
+         - 2001:db8::85a3:0:8a2e:370:7334,
+         - 2001:db8::85a3:0:8a2e:370:7334/64
+
+.. include:: /include/include-links-dev.rst
+   :start-after: begin

backend/bundles/index.rst

@@ -59,6 +59,7 @@ All documentation that relates to OroCommerce-specific bundles is collected belo
    ":ref:`FrontendBundle <bundle-docs-commerce-customer-portal-frontend-bundle>`", "**T**"
    "**I**", ":ref:`TaxBundle <bundle-docs-commerce-tax-bundle>`"
    ":ref:`InventoryBundle <bundle-docs-commerce-inventory-bundle>`"
+   ":ref:`PayPalBundle <bundle-docs-commerce-paypal-bundle>`"
 
 
 .. toctree::
@@ -140,6 +141,7 @@ All documentation that relates to OroCommerce-specific bundles is collected belo
    FrontendBundle <commerce/FrontendBundle/index>
    InventoryBundle <commerce/InventoryBundle/index>
    OrderBundle <commerce/OrderBundle/index>
+   PayPalBundle <commerce/PayPalBundle/index>
    PricingBundle <commerce/PricingBundle/index>
    ProductBundle <commerce/ProductBundle/index>
    SEOBundle <commerce/SEOBundle/index>

include/include-links-dev.rst

@@ -171,6 +171,14 @@ Links (Dev)
 
    <a href="https://github.com/tjko/jpegoptim" target="_blank">jpegoptim</a>
 
+.. |PayPal| raw:: html
+
+   <a href="https://www.paypal.com/" target="_blank">PayPal</a>
+
+.. |Ngrok| raw:: html
+
+   <a href="https://ngrok.com" target="_blank">Ngrok</a>
+
 .. |MySQL| raw:: html
 
    <a href="https://www.mysql.com/" target="_blank">MySQL</a>
@@ -736,6 +744,10 @@ Links (Dev)
 
    <a href="https://symfony.com/doc/4.4/index.html" target="_blank">Symfony documentation</a>
 
+.. |How to Configure Symfony to Work behind a Load Balancer or a Reverse Proxy| raw:: html
+
+   <a href="https://symfony.com/doc/4.4/deployment/proxies.html" target="_blank">How to Configure Symfony to Work behind a Load Balancer or a Reverse Proxy</a>
+
 .. |Symfony applications| raw:: html
 
    <a href="https://symfony.com/doc/4.4/introduction/http_fundamentals.html#the-symfony-application-flow" target="_blank">Symfony applications </a>