[TYPO3-core] RFC: allow access from private nets
Dmitry Dulepov
dima at spamcop.net
Thu Apr 20 11:19:33 CEST 2006
Hi!
Martin Kutschker wrote:
> The code in typo3/install/index.php checks if the access comes from
> localhost (127.0.0.1) or from the private net class C (192.168.0.0).
>
> But it prevents access from private nets of class A (10.0.0.0) or B
> (172.16.0.0).
>
> See http://www.faqs.org/rfcs/rfc1918.html.
>
> BT: http://bugs.typo3.org/view.php?id=3161
>
> Solution: add this to the check:
>
> substr($_SERVER['REMOTE_ADDR'],0,3)!='10.' &&
> substr($_SERVER['REMOTE_ADDR'],0,7)!='172.16.'
>
> I think there are other checks for 192.168.* which should be changed
> accordingly.
Looks OK to me, but one thing came to my mind. Probably I am wrong, but I
had better ask here...
Imagine that there is the following network configuration:
|Internet -> w.x.y.z | ->
|a.b.c.d <- Forwarding web proxy/firewall -> 10.0.0.1 | ->
|10.0.0.2 <- Real web server |
What does the real web server see as REMOTE_ADDR? Will it always be 10.0.0.1 or
not? If yes, the check in the install tool will always pass, even for an Internet
connection.
Dmitry.
--
"It is our choices, that show what we truly are,
far more than our abilities." (A.P.W.B.D.)
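The concern raised in this message, as an added example that is not part of the original post and is not TYPO3 code: it compares a prefix test in the style proposed in the thread with a check that refuses the address of a known forwarding proxy. It assumes the proxy at 10.0.0.1 terminates client connections and opens its own connection to the real web server; the function names and sample addresses are constructed, and the second check uses the full RFC 1918 ranges (including 172.16.0.0/12), which goes beyond the prefixes in the thread.

```php
<?php
// Added example; function names are hypothetical and not TYPO3 code.

// Prefix test in the style proposed in the thread.
function prefixCheckAllows(string $addr): bool
{
    return $addr === '127.0.0.1'
        || substr($addr, 0, 8) === '192.168.'
        || substr($addr, 0, 3) === '10.'
        || substr($addr, 0, 7) === '172.16.';
}

// IPv4 CIDR match (assumes 64-bit PHP integers).
function inCidr(string $addr, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $a = ip2long($addr);
    $n = ip2long($net);
    if ($a === false || $n === false) {
        return false;
    }
    $mask = (0xFFFFFFFF << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($a & $mask) === ($n & $mask);
}

// Private-range test that refuses addresses of known forwarding proxies:
// every request relayed by such a proxy carries the proxy's own address.
function proxyAwareCheckAllows(string $addr, array $proxies): bool
{
    if (in_array($addr, $proxies, true)) {
        return false;
    }
    foreach (['127.0.0.1/32', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'] as $cidr) {
        if (inCidr($addr, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed sample: REMOTE_ADDR as the real web server (10.0.0.2) sees it.
$requests = [
    'Internet client relayed by proxy' => '10.0.0.1',
    'admin workstation on the LAN'     => '10.0.0.57',
    'host in 172.20.0.0 (RFC 1918)'    => '172.20.1.9',
    'direct Internet client'           => '203.0.113.7',
];
foreach ($requests as $who => $addr) {
    printf("%-34s %-12s prefix=%s proxy-aware=%s\n", $who, $addr,
        var_export(prefixCheckAllows($addr), true),
        var_export(proxyAwareCheckAllows($addr, ['10.0.0.1']), true));
}
```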