Project

General

Profile

Actions
Copy link

Bug #92187

open

HTTP/HTTPS not correctly determined behind reverseProxy

Added by Thorben Nissen over 3 years ago. Updated 5 months ago.

Status:
Under Review
Priority:
Should have
Assignee:
-
Category:
System/Bootstrap/Configuration
Target version:
-
Start date:
2020-09-03
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When using TYPO3 behind a reverse proxy with SSL termination and setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL'] to '*' or any ip address, TYPO3 assumes, that the request is using HTTPS even though the proxy might have received it as HTTP. It should honor the X-Forwarded-Proto header, if set.

This effects all active versions (9, 10 and master).

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #29693: Respect HTTP_X_FORWARDED_PROTO in SSL checkRejectedMichael Stucki2011-09-12

Actions
Actions
Copy link
 #1

Updated by Gerrit Code Review over 3 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65550

Actions
Copy link
 #2

Updated by Christian Kuhn over 3 years ago

  • Related to Bug #29693: Respect HTTP_X_FORWARDED_PROTO in SSL check added
Actions
Copy link
 #3

Updated by Anja Leichsenring over 3 years ago

  • Status changed from Under Review to Rejected

as stated in the patch, this fix will not be accepted because it opens a security vulnerability.

Actions
Copy link
 #4

Updated by Christian Kuhn over 3 years ago

  • Status changed from Rejected to New
Actions
Copy link
 #5

Updated by Gerrit Code Review over 3 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573

Actions
Copy link
 #6

Updated by Gerrit Code Review over 3 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573

Actions
Copy link
 #7

Updated by Gerrit Code Review over 3 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573

Actions
Copy link
 #8

Updated by Gerrit Code Review over 2 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573

Actions
Copy link
 #9

Updated by Gerrit Code Review over 2 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573

Actions
Copy link
 #10

Updated by Gerrit Code Review over 2 years ago

Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573

Actions
Copy link
 #11

Updated by Gerrit Code Review 10 months ago

Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573

Actions
Copy link
 #12

Updated by Gerrit Code Review 5 months ago

Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573

Actions
Copy link

Also available in: Atom PDF