Skip to content

Commit

Permalink
Item14380: Don't check proxy config in CLI environment
Browse files Browse the repository at this point in the history 
Need to be in a valid web environment for any proxy detection to make
any sense.
  • Loading branch information
@gac410
gac410 committed Apr 1, 2018
1 parent 5bd1182 commit 3659382
Show file tree
Hide file tree
Showing 5 changed files with 106 additions and 82 deletions.
33 changes: 19 additions & 14 deletions core/lib/Foswiki/Configure/Checkers/DefaultUrlHost.pm
View file
Expand Up @@ -22,31 +22,36 @@ sub check_current_value {
);
}

# Probe the connection in bootstrap mode:
my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);
$port = ( $port && $port != 80 && $port != 443 ) ? ":$port" : '';
if ( defined $Foswiki::cfg{Engine}
&& substr( $Foswiki::cfg{Engine}, -3 ) eq 'CLI' )
{

my $detected = $protocol . '://' . $host . $port;
# Probe the connection in bootstrap mode:
my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);
$port = ( $port && $port != 80 && $port != 443 ) ? ":$port" : '';

if ( $Foswiki::cfg{DefaultUrlHost} !~ m#\Q$detected\E#i
&& $Foswiki::cfg{PermittedRedirectHostUrls} !~ m#\Q$detected\E#i )
{
$reporter->WARN(
my $detected = $protocol . '://' . $host . $port;

if ( $Foswiki::cfg{DefaultUrlHost} !~ m#\Q$detected\E#i
&& $Foswiki::cfg{PermittedRedirectHostUrls} !~ m#\Q$detected\E#i )
{
$reporter->WARN(
"Current setting does not match URL =$protocol://$host$port=, and it is not listed in ={PermittedRedirectHostUrls}="
);
$reporter->NOTE(
);
$reporter->NOTE(
"If the URL hostname is correct, set this to =$protocol//$host$port= "
. 'If this setting and the URL are both correct, you could also add the URL to the \'expert setting\' =PermittedRedirectHostUrls=.'
);
. 'If this setting and the URL are both correct, you could also add the URL to the \'expert setting\' =PermittedRedirectHostUrls=.'
);
}
}
}

1;
__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/
Copyright (C) 2008-2017 Foswiki Contributors. Foswiki Contributors
Copyright (C) 2008-2018 Foswiki Contributors. Foswiki Contributors
are listed in the AUTHORS file in the root of this distribution.
NOTE: Please extend that file, not this notice.
Expand Down
39 changes: 22 additions & 17 deletions core/lib/Foswiki/Configure/Checkers/ForceDefaultUrlHost.pm
View file
Expand Up @@ -10,24 +10,29 @@ our @ISA = ('Foswiki::Configure::Checker');
sub check_current_value {
my ( $this, $reporter ) = @_;

# Probe the connection in bootstrap mode:
my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);

if ($proxy) {
if ( !$Foswiki::cfg{PROXY}{UseForwardedHeaders}
&& !$Foswiki::cfg{ForceDefaultUrlHost} )
{
$reporter->WARN(
if ( defined $Foswiki::cfg{Engine}
&& substr( $Foswiki::cfg{Engine}, -3 ) eq 'CLI' )
{

# Probe the connection in bootstrap mode:
my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);

if ($proxy) {
if ( !$Foswiki::cfg{PROXY}{UseForwardedHeaders}
&& !$Foswiki::cfg{ForceDefaultUrlHost} )
{
$reporter->WARN(
'It appears you may be running from behind a proxy. =ForceDefaultUrlHost= is the recommended setting.'
);
}
elsif ($Foswiki::cfg{PROXY}{UseForwardedHeaders}
&& $Foswiki::cfg{ForceDefaultUrlHost} )
{
$reporter->WARN(
);
}
elsif ($Foswiki::cfg{PROXY}{UseForwardedHeaders}
&& $Foswiki::cfg{ForceDefaultUrlHost} )
{
$reporter->WARN(
'Both ={PROXY}{UseForwardedHeaders}= and ={ForceDefaultUrlHost}= are enabled. ={ForceDefaultUrlHost}= will override any Forwarded headers'
);
);
}
}
}
}
Expand All @@ -36,7 +41,7 @@ sub check_current_value {
__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/
Copyright (C) 2016 Foswiki Contributors. Foswiki Contributors
Copyright (C) 2016-2018 Foswiki Contributors. Foswiki Contributors
are listed in the AUTHORS file in the root of this distribution.
NOTE: Please extend that file, not this notice.
Expand Down
36 changes: 20 additions & 16 deletions core/lib/Foswiki/Configure/Checkers/PROXY/UseForwardedFor.pm
View file
Expand Up @@ -10,37 +10,41 @@ our @ISA = ('Foswiki::Configure::Checker');
sub check_current_value {
my ( $this, $reporter ) = @_;

my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);
if ( defined $Foswiki::cfg{Engine}
&& substr( $Foswiki::cfg{Engine}, -3 ) eq 'CLI' )
{
my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);

if ($proxy) {
if ($proxy) {

if ( $Foswiki::cfg{PROXY}{UseForwardedFor} ) {
$reporter->WARN(
if ( $Foswiki::cfg{PROXY}{UseForwardedFor} ) {
$reporter->WARN(
"Be sure you trust the proxy server. Clients can use this header to spoof their IP addresses."
);
}
else {
$reporter->WARN(
"Proxy detected, Enable this switch if Foswiki should use the =X-Forwarded-For= header to obtain the real client IP address."
);
}
$reporter->NOTE(
"Remote Address is $ENV{REMOTE_ADDR}, Real client IP is =$client=."
);
}
else {
elsif ( $Foswiki::cfg{PROXY}{UseForwardedFor} ) {
$reporter->WARN(
"Proxy detected, Enable this switch if Foswiki should use the =X-Forwarded-For= header to obtain the real client IP address."
"You have enabled ={PROXY}{UseForwardedFor}= but a proxy was not detected. The =X-Forwarded-For= header can be used by clients to mask their real IP address. Be sure this is what you want to do."
);
}
$reporter->NOTE(
"Remote Address is $ENV{REMOTE_ADDR}, Real client IP is =$client=."
);
}
elsif ( $Foswiki::cfg{PROXY}{UseForwardedFor} ) {
$reporter->WARN(
"You have enabled ={PROXY}{UseForwardedFor}= but a proxy was not detected. The =X-Forwarded-For= header can be used by clients to mask their real IP address. Be sure this is what you want to do."
);
}
}

1;
__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/
Copyright (C) 2008-2017 Foswiki Contributors. Foswiki Contributors
Copyright (C) 2008-2018 Foswiki Contributors. Foswiki Contributors
are listed in the AUTHORS file in the root of this distribution.
NOTE: Please extend that file, not this notice.
Expand Down
52 changes: 28 additions & 24 deletions core/lib/Foswiki/Configure/Checkers/PROXY/UseForwardedHeaders.pm
View file
Expand Up @@ -10,48 +10,52 @@ our @ISA = ('Foswiki::Configure::Checker');
sub check_current_value {
my ( $this, $reporter ) = @_;

my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);
if ( defined $Foswiki::cfg{Engine}
&& substr( $Foswiki::cfg{Engine}, -3 ) eq 'CLI' )
{
my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);

if ($proxy) {
if ($proxy) {

$reporter->NOTE(
$reporter->NOTE(
"Proxy server detected. Proxy URL is $protocol://$host:$port. Local server name is $ENV{HTTP_HOST}"
);
);

if ( $Foswiki::cfg{PROXY}{UseForwardedHeaders} ) {
$reporter->WARN(
if ( $Foswiki::cfg{PROXY}{UseForwardedHeaders} ) {
$reporter->WARN(
"Note that =ForceDefaultUrlHost= is a more secure setting for supporting a reverse proxy. "
);
}
else {
$reporter->NOTE(
);
}
else {
$reporter->NOTE(
'This setting should be enabled if there are multiple proxy servers or there is a mix of proxied and non-proxied clients.'
);
);
}
}
}
else {
if ( $Foswiki::cfg{PROXY}{UseForwardedHeaders} ) {
$reporter->WARN(
else {
if ( $Foswiki::cfg{PROXY}{UseForwardedHeaders} ) {
$reporter->WARN(
'You have enabled this setting, but no proxy is detected. Be sure this is what you want to do.'
);
);
}
}
}

if ( $Foswiki::cfg{ForceDefaultUrlHost}
&& $Foswiki::cfg{PROXY}{UseForwardedHeaders} )
{
$reporter->ERROR(
if ( $Foswiki::cfg{ForceDefaultUrlHost}
&& $Foswiki::cfg{PROXY}{UseForwardedHeaders} )
{
$reporter->ERROR(
'Both ={ForceDefaultUrlHost}= and ={PROXY}{UseForwardedHeaders}= are enabled. ={PROXY}{UseForwardedHeaders}= will be ignored.'
);
);
}
}
}

1;
__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/
Copyright (C) 2008-2017 Foswiki Contributors. Foswiki Contributors
Copyright (C) 2008-2018 Foswiki Contributors. Foswiki Contributors
are listed in the AUTHORS file in the root of this distribution.
NOTE: Please extend that file, not this notice.
Expand Down
28 changes: 17 additions & 11 deletions core/lib/Foswiki/Configure/Checkers/PermittedRedirectHostUrls.pm
View file
Expand Up @@ -16,27 +16,33 @@ sub check_current_value {
Foswiki::Configure::Checkers::URL::checkURI( $reporter, $uri );
}

# Probe the connection in bootstrap mode:
my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);
$port = ( $port && $port != 80 && $port != 443 ) ? ":$port" : '';
if ( defined $Foswiki::cfg{Engine}
&& substr( $Foswiki::cfg{Engine}, -3 ) eq 'CLI' )

my $detected = $protocol . '://' . $host . $port;

if ( $Foswiki::cfg{DefaultUrlHost} !~ m#\Q$detected\E#i
&& $Foswiki::cfg{PermittedRedirectHostUrls} !~ m#\Q$detected\E#i )
{
$reporter->WARN(

# Probe the connection in bootstrap mode:
my ( $client, $protocol, $host, $port, $proxy ) =
Foswiki::Engine::_getConnectionData(1);
$port = ( $port && $port != 80 && $port != 443 ) ? ":$port" : '';

my $detected = $protocol . '://' . $host . $port;

if ( $Foswiki::cfg{DefaultUrlHost} !~ m#\Q$detected\E#i
&& $Foswiki::cfg{PermittedRedirectHostUrls} !~ m#\Q$detected\E#i )
{
$reporter->WARN(
"Current setting does not include =$protocol://$host$port=, and it is not the ={DefaultUrlHost}="
);
);
}
}
}

1;
__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/
Copyright (C) 2008-2017 Foswiki Contributors. Foswiki Contributors
Copyright (C) 2008-2018 Foswiki Contributors. Foswiki Contributors
are listed in the AUTHORS file in the root of this distribution.
NOTE: Please extend that file, not this notice.
Expand Down

0 comments on commit 3659382

Please sign in to comment.