  1. eZ Publish / Platform
  2. EZP-22074

Documentation: cannot use hostnames in TRUSTED_PROXIES, only IP addresses (sub-request issues)


Details

    • Bug
    • Resolution: Obsolete
    • Medium
    • None
    • 5.2, 5.3-dev
    • None

    Description

      eZ Publish documentation at https://confluence.ez.no/display/EZP52/Virtual+host+setup specifies that trusted_proxies may be set using a hostname:

          # Defines the proxies to trust.
          # Separate entries by a comma
          # Example: "proxy1.example.com,proxy2.example.org"
          # By default, no trusted proxies are set
          #SetEnv TRUSTED_PROXIES "127.0.0.1"
      

      However, Symfony's FragmentListener seems to expect IP addresses to be used - if hostnames are used, fragment sub-requests will not be considered secure (and will fall back to checking the hash signature).

      See also https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php

      Steps to reproduce:

      (an address other than 127.0.0.1 must be used to perform the request)

      Using IP address:

      1. Configure the TRUSTED_PROXIES variable with the proxy server/client IP.
      2. Restart Apache if needed.
      3. From this IP, access http://ezpublish52.local/_fragment?_path=_format%3Dhtml%26_locale%3Den_GB%26_controller%3DeZDemoBundle%253ADemo%253AuserLinks
      4. Verify that the fragment is generated/output correctly.

      Using hostname:

      1. Modify TRUSTED_PROXIES to use a hostname instead.
      2. Restart Apache if needed.
      3. Access the URL above.
      4. The result status should now be "500 Internal Server Error".
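
A configuration check for the problem described in this report, as an added example that is not part of the original issue and is not eZ Publish or Symfony code: it reads the active `SetEnv TRUSTED_PROXIES` value from a vhost snippet, flags entries that are not IP addresses or CIDR ranges, and models an IP-only comparison against the client address. The function names, the sample vhost text and the assumption that the comparison performs no DNS resolution are constructed for illustration.

```python
import ipaddress
import re

# Active (uncommented) Apache directive: SetEnv TRUSTED_PROXIES "a,b,c"
SETENV_RE = re.compile(
    r'^[ \t]*SetEnv[ \t]+TRUSTED_PROXIES[ \t]+"?([^"\n]*)"?[ \t]*$', re.M)

# Constructed sample: the commented default plus a mixed hostname/IP value.
SAMPLE_VHOST = '''
    #SetEnv TRUSTED_PROXIES "127.0.0.1"
    SetEnv TRUSTED_PROXIES "proxy1.example.com, 192.0.2.10, 198.51.100.0/24"
'''


def parse_trusted_proxies(vhost_text):
    """Return the entries of the last active SetEnv TRUSTED_PROXIES line."""
    values = SETENV_RE.findall(vhost_text)
    if not values:
        return []
    return [e.strip() for e in values[-1].split(",") if e.strip()]


def split_entries(entries):
    """Separate entries an IP comparison can use from those it cannot."""
    usable, unusable = [], []
    for entry in entries:
        try:
            usable.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Hostname or typo: a string that never equals REMOTE_ADDR.
            unusable.append(entry)
    return usable, unusable


def is_trusted(remote_addr, entries):
    """Assumed model of an IP-only trust check (no DNS lookup)."""
    usable, _ = split_entries(entries)
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in net for net in usable)


if __name__ == "__main__":
    entries = parse_trusted_proxies(SAMPLE_VHOST)
    _, bad = split_entries(entries)
    for entry in bad:
        print("not an IP/CIDR, will never match REMOTE_ADDR:", entry)
```

Running such a check against the deployed vhost file before a restart catches hostname entries that would otherwise only show up as failing fragment sub-requests.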

          People

            Unassigned Unassigned
            joao.inacio-obsolete@ez.no Joao Inacio (Inactive)