Details
-
Bug
-
Resolution: Done
-
High
-
2.3.2, 2.4.2, 2.5.0-rc2
-
None
-
Platform.sh
Fastly
Description
After https://jira.ez.no/browse/EZEE-2572 (using the tokens with Page Builder) in order to use Page Builder user has to log in inside Page Editor.
This is caused by mismatch between the IP that the client (user) is using and the IP the token is issue for, which is most likely caused by some proxy sitting between the user and the server.
Known workarounds:
- setting trusted proxies to "trust all" (https://symfony.com/doc/4.1/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly) - NOT RECOMMENDED because of security reasons
OR - disabling the token authentication (reverting settings from: https://doc.ezplatform.com/en/2.4/releases/ez_platform_v2.4/#update-ez-enterprise-v24-to-v242) - removing the simple_preauth firewall and setting page_builder.token_authenticator.enabled to false
Known so far:
- the "unknown" IP address does not come from Fastly known addresses: https://docs.fastly.com/guides/securing-communications/accessing-fastlys-ip-ranges
- Platform.sh says that they are passing client's IP directly and setting trusted proxies should not be needed
Attachments
Issue Links
- relates to
-
EZEE-2572 Page Builder doesn't work with Map\Host matcher when SiteAccesses are configured for different domains
- Closed