Warning: This page has not been updated in over over a year and may be outdated or deprecated.
administration:security
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
administration:security [2020/07/23 16:47] – demiankatz | administration:security [2020/08/31 14:40] – [Proxies and IP Authentication] demiankatz | ||
---|---|---|---|
Line 67: | Line 67: | ||
If you rely on IP authentication for setting VuFind permissions, | If you rely on IP authentication for setting VuFind permissions, | ||
- | Starting with VuFind 7.0.1, the config.ini [Proxy] section contains an allow_forwarded_ips setting which can be used to control how VuFind identifies IP addresses based on HTTP headers. The full details on configuration | + | It may be possible |
- | By default, all IP-forwarding headers are ignored, but by turning on allow_forwarded_ips, | + | In case this approach is not possible, starting with VuFind 7.0.1, the config.ini [Proxy] section contains allow_forwarded_ips and forwarded_ip_filter settings which can be used to control how VuFind identifies IP addresses based on HTTP headers. The full details on configuration options can be found in the comments in that file. |
+ | |||
+ | By default, all IP-forwarding headers are ignored, but by turning on allow_forwarded_ips, | ||
If you plan to use this feature, you should install one of the many available browser plugins for editing HTTP headers, and determine exactly how your proxy behaves when receiving falsified headers. (A quick way to do to this is to var_dump the $_SERVER superglobal in a PHP script that you can access through your proxy). Based on this information, | If you plan to use this feature, you should install one of the many available browser plugins for editing HTTP headers, and determine exactly how your proxy behaves when receiving falsified headers. (A quick way to do to this is to var_dump the $_SERVER superglobal in a PHP script that you can access through your proxy). Based on this information, |
administration/security.txt · Last modified: 2024/05/16 10:58 (external edit)