Warning: This page has not been updated in over over a year and may be outdated or deprecated.
administration:security
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
administration:security [2020/08/31 14:40] – [Proxies and IP Authentication] demiankatz | administration:security [2022/10/18 17:03] – [Securing User Credentials] demiankatz | ||
---|---|---|---|
Line 67: | Line 67: | ||
If you rely on IP authentication for setting VuFind permissions, | If you rely on IP authentication for setting VuFind permissions, | ||
- | It may be possible to work around this problem through careful configuration of your proxy and use of the [[https:// | + | It may be possible to work around this problem through careful configuration of your proxy (e.g. by making it filter out these headers from incoming requests) |
In case this approach is not possible, starting with VuFind 7.0.1, the config.ini [Proxy] section contains allow_forwarded_ips and forwarded_ip_filter settings which can be used to control how VuFind identifies IP addresses based on HTTP headers. The full details on configuration options can be found in the comments in that file. | In case this approach is not possible, starting with VuFind 7.0.1, the config.ini [Proxy] section contains allow_forwarded_ips and forwarded_ip_filter settings which can be used to control how VuFind identifies IP addresses based on HTTP headers. The full details on configuration options can be found in the comments in that file. | ||
Line 78: | Line 78: | ||
VuFind stores some user information in its database. | VuFind stores some user information in its database. | ||
+ | |||
+ | When using some [[configuration: | ||
===== Using a Content Security Policy ===== | ===== Using a Content Security Policy ===== | ||
Line 83: | Line 85: | ||
Starting with VuFind 7.0, you can configure a [[administration: | Starting with VuFind 7.0, you can configure a [[administration: | ||
---- struct data ---- | ---- struct data ---- | ||
+ | properties.Page Owner : | ||
---- | ---- | ||
administration/security.txt · Last modified: 2024/05/22 17:27 by demiankatz