[TYPO3-dev] Reinventing getIndpEnv() to support reverse proxys + SSL proxys
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Sat Feb 16 17:27:22 CET 2008
Henning Pingel schrieb:
> Hi Masi,
>
> On my local harddisc I'm experimenting with a bunch of homebrew
> configuration variables for reverse proxy support. This is I think the
> least amount of configuration we need to support reverse and ssl proxys
> properly:
>
> $TYPO3_CONF_VARS['SYS']['revProxy_approveProxyRequests'] = true;
> $TYPO3_CONF_VARS['SYS']['revProxy_useHTTPS'] = true;
> $TYPO3_CONF_VARS['SYS']['revProxy_forceBackendAccessViaProxy'] = true;
> $TYPO3_CONF_VARS['SYS']['revProxy_limitUserAccessByIP'] = true;
> $TYPO3_CONF_VARS['SYS']['revProxy_validUserIPs'] = '123.123.123.123';
> $TYPO3_CONF_VARS['SYS']['revProxy_validProxyHostNameList'] =
> 'proxy1.tld, proxy2.tld, proxy3.tld';
> $TYPO3_CONF_VARS['SYS']['revProxy_validProxyIPList'] =
> '192.168.1.111, 192.168.1.112, 192.168.1.113';
>
> This is just to show that I think finding a general solution for reverse
> and SSL proxys is quite complex and likely to be buggy.
Quite a number of options. But to me at least three of them are access
control settings, which have little to with the proxy:
revProxy_limitUserAccessByIP
revProxy_validUserIPs
And I wonder why you have them. I didn't use it but AFAIK TYPO3 already
has an IP check for BE users.
revProxy_forceBackendAccessViaProxy
This is interesting, but probably doesn't belong to getIndpEnv(). I
didn't look at your code, but you'll probably have added a TYPO_PROXY
variable similar to TYPO3_SSL, right?
revProxy_validProxyHostNameList
revProxy_validProxyIPList
Why two of them? Isn't the IP list enough?
revProxy_approveProxyRequests
I don't get the meaning of this one.
Masi
More information about the TYPO3-dev
mailing list