Bug #94113: Trusted SERVER_NAME check is broken when a HTTPS broker proxies requests to a HTTP backend - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #94113

closed

Trusted SERVER_NAME check is broken when a HTTPS broker proxies requests to a HTTP backend

Added by Benjamin Franzke almost 3 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Benjamin Franzke

Category:

System/Bootstrap/Configuration

Target version:

next-patchlevel

Start date:

2021-05-11

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

Scenario: * Proxy Server HTTPS (SSL termination) => Port 443 * Application Server HTTP => Port 80 * Default trustedHostsPattern configuration (GeneralUtility::ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME)

https://mydomain.com (e.g. via nginx server) -> proxied to apache backend -> http://10.0.0.1/

Proxy configuration like:

location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://10.0.0.1;
}

Because of the HOST_NAME verification that consideres the proxy port is equal to the local webserver port, such configurations currently need to configure a slow custom trustedHostsPattern, although 'mydomain.com' is the correct SERVER_NAME.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #94113

Trusted SERVER_NAME check is broken when a HTTPS broker proxies requests to a HTTP backend

Updated by Gerrit Code Review almost 3 years ago

Updated by Gerrit Code Review almost 3 years ago

Updated by Gerrit Code Review almost 3 years ago

Updated by Gerrit Code Review almost 3 years ago

Updated by Benjamin Franzke almost 3 years ago

Updated by Benni Mack over 2 years ago