Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-22074

Documentation: cannot use hostnames in TRUSTED_PROXIES, only IP addresses (sub-request issues)

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Medium
    • Resolution: Obsolete
    • 5.2, 5.3-dev
    • None
    • None

    Description

      eZ Publish documentation at https://confluence.ez.no/display/EZP52/Virtual+host+setup specifies that trusted_proxies may be set using hostname:

          # Defines the proxies to trust.
          # Separate entries by a comma
          # Example: "proxy1.example.com,proxy2.example.org"
          # By default, no trusted proxies are set
          #SetEnv TRUSTED_PROXIES "127.0.0.1"
      

      However, symfony's FragmentListener seems to expect IP addresses to be used - if hostnames are used, fragment sub-requests will not be considered secure (and will fallback to checking the hash signature).

      see also https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php

      Steps to reproduce:

      (an address other than 127.0.0.1 must be used to perform the request)

      Using IP address:

      1. configure TRUSTED_PROXIES variable with the proxy server/client IP.
      2. restart apache if needed.
      3. From this IP, access http://ezpublish52.local/_fragment?_path=_format%3Dhtml%26_locale%3Den_GB%26_controller%3DeZDemoBundle%253ADemo%253AuserLinks
      4. Verify that the fragment is generated/output correctly.

      Using hostname:

      1. modify TRUSTED_PROXIES to use a hostname instead.
      2. restart apache if needed.
      3. access the url above
      4. The result status should now be "500 Internal Server Error"

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              joao.inacio-obsolete@ez.no Joao Inacio (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: