[TYPO3-dev] Reinventing getIndpEnv() to support reverse proxys + SSL proxys

[Martin Kutschker]

Henning Pingel schrieb:
> Hi Masi,
> 
> On my local harddisc I'm experimenting with a bunch of homebrew
> configuration variables for reverse proxy support. This is I think the
> least amount of configuration we need to support reverse and ssl proxys
> properly:
> 
> $TYPO3_CONF_VARS['SYS']['revProxy_approveProxyRequests'] = true;
> $TYPO3_CONF_VARS['SYS']['revProxy_useHTTPS'] = true;
> $TYPO3_CONF_VARS['SYS']['revProxy_forceBackendAccessViaProxy'] = true;
> $TYPO3_CONF_VARS['SYS']['revProxy_limitUserAccessByIP'] = true;
> $TYPO3_CONF_VARS['SYS']['revProxy_validUserIPs'] = '123.123.123.123';
> $TYPO3_CONF_VARS['SYS']['revProxy_validProxyHostNameList'] =
>   'proxy1.tld, proxy2.tld, proxy3.tld';
> $TYPO3_CONF_VARS['SYS']['revProxy_validProxyIPList'] =
>   '192.168.1.111, 192.168.1.112, 192.168.1.113';
> 
> This is just to show that I think finding a general solution for reverse
> and SSL proxys is quite complex and likely to be buggy.

Quite a number of options. But to me at least three of them are access 
control settings, which have little to with the proxy:

revProxy_limitUserAccessByIP
revProxy_validUserIPs

And I wonder why you have them. I didn't use it but AFAIK TYPO3 already 
has an IP check for BE users.

revProxy_forceBackendAccessViaProxy

This is interesting, but probably doesn't belong to getIndpEnv(). I 
didn't look at your code, but you'll probably have added a TYPO_PROXY 
variable similar to TYPO3_SSL, right?

revProxy_validProxyHostNameList
revProxy_validProxyIPList

Why two of them? Isn't the IP list enough?

revProxy_approveProxyRequests

I don't get the meaning of this one.

Masi