[TYPO3-dev] Solution for TYPO3 backend access via SSL Proxy
Henning Pingel
henningT3 at henningpingel.de
Tue Jan 9 22:29:05 CET 2007
Hi Oliver,
Oliver Hader schrieb:
> Hi Henning,
>
> please go to the bug-tracker [1] and open a new ticket as
> feature-request in the category "TYPO3 Core - Backend". There you can
> provide your changes in class.t3lib_div.php and whatever you had to
> change in the TYPO3 Core Files.
Thanks for your advice. I will definitely go to bugtracker soon (and add
my stuff to the bug 169 that Daniel told me about). I would be very
happy if the change could be integrated into TYPO3 core quickly, but my
concern is that this code change is of the kind that will have
difficulties to get agreed on by all core developers easily.
I liked the idea to provide an extension that can be used only by those
people who have the the urge to use the backend via an SSL proxy. In
that case the changed coding won't do no harm to other TYPO3 systems
that don't need it - and on the other hand it can be tested "in the
wild". But in fact it's technically not possible to provide an extension
for t3lib_div.
The main reasons I see why it will be difficult to get the change into
core are:
1) SSL Proxy Stuff is IMHO not well documented on the web. I'm not an
SSL expert in the first place and one doesn't find a lot of "official"
information about web server parameters like HTTP_VIA,
HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED_HOST or HTTP_X_FORWARDED_SERVER.
All I can tell is that my webhoster's server configuration puts the
mentioned parameters in the environment if a webpage is requested via
the SSL proxy. I know that my hoster uses Apache, but I for example
don't know if there is an Apache module involved to make this SSL Proxy
thing work. So if somebody has a webhoster based on IIS, the parameters
of the SSL Proxy in the environment might be different. All I can do is:
Change TYPO3 so that it works on my web space at Hosteurope. Than I can
describe what I did. But I don't know if it works for other scenarios
using other web server products the same way. I guess that's why it will
be difficult to get the change into the core quickly.
2) I think that SSL Proxy settings should be implemented into TYPO3 in a
way that they don't interfere with the normal SSL settings. Both should
work smoothly together in TYPO3. So for example an administrator of one
TYPO3 installation should be able to setup several websites: Some of
them are only using HTTP, some use "normal" SSL access with individual
certificates and others use this SSL proxy stuff. This is a complex task
that has to be tested a lot.
My conclusion is that I want to do two things: I will provide the code
change at the bugtracker and I will provide a little tutorial on how to
manually change t3lib_div for those users who don't want to wait for the
change getting implemented. Only those users who have a webhoster that
only offers a SSL proxy are really able to test the code change "live".
It is possible that it will take me some time (a week or two) to provide
the stuff I promised. This is due to my limited spare time and because I
want to improve the quality of my code.
I just created a web page on my website for the promised tutorial:
http://www.henningpingel.de/TYPO3-Backend-Via-SSL-Proxy.124.0.html
Cheers,
Henning
More information about the TYPO3-dev
mailing list