Actions
Bug #94113
closedTrusted SERVER_NAME check is broken when a HTTPS broker proxies requests to a HTTP backend
Status:
Closed
Priority:
Should have
Assignee:
Category:
System/Bootstrap/Configuration
Target version:
Start date:
2021-05-11
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
Scenario: * Proxy Server HTTPS (SSL termination) => Port 443 * Application Server HTTP => Port 80 * Default trustedHostsPattern configuration (GeneralUtility::ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME)
https://mydomain.com (e.g. via nginx server) -> proxied to apache backend -> http://10.0.0.1/
Proxy configuration like:
location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://10.0.0.1; }
Because of the HOST_NAME verification that consideres the proxy port is equal to the local webserver port, such configurations currently need to configure a slow custom trustedHostsPattern, although 'mydomain.com' is the correct SERVER_NAME.
Actions