Bug #37467

Updated by Sybille Peters over 3 years ago

The change introduced in TYPO3 4.5.16 as fix for bug #36004 (http://forge.typo3.org/projects/typo3v4-core/repository/revisions/2b40a5e2511d96bf2cdfa3cbbc969e154153c8ec) makes working in backend impossible for some HTTPS reverse-proxy configurations.  


  

 It may be a misconfiguration on our end, but as far as I can see, since the change HTTPS will only work with HTTPS via reverse proxy, if *X-Forwarded-For* X-Forwarded-For contains local and proxy IP and 'TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue' is set to "last" 

 <pre><code class="php"> 
  $['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue' = "last"; 
 </code></pre> 


 Login to backend works, but then a network connections error is displayed (_"Verbindungsproblem ("Verbindungsproblem Bei dem Versuch eine Verbindung zum Server herzustellen ist ein Fehler aufgetreten. Bitte ├╝berpr├╝fen Sie Ihre Netzwerkverbindung."_) Netzwerkverbindung.") 

 Analyzing this shows that the changed line 4151 in class.t3lib_div.php has caused this problem:  

 older version:  

 <pre><code class="php"> 
 old: if (self::cmpIP($_SERVER['REMOTE_ADDR'], $proxySSL)) { 
 </code></pre> 

 newer version: 
 <pre><code class="php"> 
 new: if (self::cmpIP(self::getIndpEnv('REMOTE_ADDR'), $proxySSL)) { 

 $_SERVER['REMOTE_ADDR' is IP of reverse-proxy 
 </code></pre> 
 getIndpEnv('REMOTE_ADDR') returns local IP (uses X-Forwarded-For which contains only local IP)

Back