Homec4science
Diffusion invenio-infoscience 769466a3ec92

WebStyle: new CFG_WEBSTYLE_REVERSE_PROXY_IPS
769466a3ec92
Actions

Authored by Samuele Kaplun <samuele.kaplun@cern.ch> on Dec 13 2011, 12:08.

Description

WebStyle: new CFG_WEBSTYLE_REVERSE_PROXY_IPS

  • In a multinode configuration with an HTTP reverse proxy node sitting in front of worker nodes that may also be available on public Internet, it is possible to forge HTTP headers in order to spoof IP address. By correctly setting the new variable CFG_WEBSTYLE_REVERSE_PROXY_IPS, the worker nodes will read forwarded IP addresses only if the actual request is coming from the recognized reverse proxy nodes.

Co-authored-by: Tibor Simko <tibor.simko@cern.ch>

Details

Committed
Tibor Simko <tibor.simko@cern.ch>Dec 20 2011, 13:33
Parents
R3600:b85da374b1e2: I18N: periodical general update of PO files
Branches
Unknown
Tags
Unknown

Event Timeline

Tibor Simko <tibor.simko@cern.ch> committed R3600:769466a3ec92: WebStyle: new CFG_WEBSTYLE_REVERSE_PROXY_IPS (authored by Samuele Kaplun <samuele.kaplun@cern.ch>).Dec 20 2011, 13:33

Changes (3)

Path
Mconfig/invenio.conf
Mmodules/miscutil/lib/inveniocfg.py
Mmodules/webstyle/lib/webinterface_handler_wsgi.py

R3600:769466a3ec92

View Options

config/invenio.conf

Loading...
View Options

modules/miscutil/lib/inveniocfg.py

Loading...
View Options

modules/webstyle/lib/webinterface_handler_wsgi.py

Loading...
c4science ยท Help