Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove default <proxy *> block #345

Merged
merged 1 commit into from
Sep 27, 2013
Merged

Remove default <proxy *> block #345

merged 1 commit into from
Sep 27, 2013

Conversation

igalic
Copy link
Contributor

@igalic igalic commented Sep 3, 2013

This is a horrible and generally useless default. Most people do not
use apache httpd as Forward proxy, and those who do, should explicitly
set an allow. That this is exactly what our new, and backward
compatible proxy config does, and allows, while widly simplifying the
reverse proxy configurations.

We add a test case for new proxy configuration to make sure this is
actually the case, and also fix a test case from a previious commit.

@igalic igalic mentioned this pull request Sep 3, 2013
Closed
blkperl
blkperl reviewed Sep 4, 2013
View reviewed changes
manifests/mod/proxy.pp
@@ -1,6 +1,6 @@
class apache::mod::proxy (
$proxy_requests = 'Off',
$allow_from = ['127.0.0.1','::1'],
$allow_from = UNDEF,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you mean to have a lowercase undef? Is changing the default going to be backwards compatible?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I probably meant undef, not UNDEF.

The idea with changing the default is to hand out more control: Now we can sensibly control access to reverse proxies too… Well.. on a server-wide-scale, but still.

@blkperl
Copy link
Contributor

blkperl commented Sep 24, 2013

Spec tests failed

@igalic
Copy link
Contributor Author

igalic commented Sep 24, 2013

I'll need to rebase this against master and look again. Good thing about this: By now I know how to write tests. Please expect an update to this branch RSN.

@igalic
Remove default <proxy *> block
7ccd1fc 
This is a horrible and generally useless default. Most people do *not*
use apache httpd as Forward proxy, and those who do, should explicitly
set an allow. That this is exactly what our new, and backward
compatible proxy config does, and allows, while widly simplifying the
reverse proxy configurations.

We add a test case for new proxy configuration to make sure this is
actually the case, and also fix a test case from a previious commit.
hunner added a commit that referenced this pull request Sep 27, 2013
@hunner
Merge pull request #345 from igalic/proxy_block
3d00b5d 
Remove default <proxy *> block
@hunner hunner merged commit 3d00b5d into puppetlabs:master Sep 27, 2013
@igalic igalic deleted the proxy_block branch November 14, 2013 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@igalic @blkperl @hunner @GSPatton