[TYPO3-core] trustedHostsPattern

Michael Schams typo3.lists at 2014.trash.schams.net
Thu May 22 14:42:08 CEST 2014


On 22/05/14 22:00, François Suter wrote:

>> All in all, what I miss in the error message (or in some error log if
>> info is sensible) is a detailed description of why it failed. For the
>> 8080 port for instance, I totally forgot about this special port and had
>> to debug the exception thrown to understand why it failed and thus how
>> best I should solve it.
>
> We could add a note about this in the Security Guide and point people to
> it. But I would need detailed information about what to write first. It
> would help if people shared their experience here: what values did they
> use, in particular which regular expressions?

I suspect this is one of these cases where an explanation of
configuration options and typical use cases could fit into the Security
Guide, but also (and maybe better) in the "Installation and Upgrade Guide".

My view of the Security Guide is that it aims to provide information
focused on security ("What can/should I do to ensure that my TYPO3 CMS
instance is secure?").

If someone sets up TYPO3 in a non-typical way, e.g. flexible SSL with
CloudFlare, nginx as a proxy server, CDN, etc., and issues occur, I would
assume he/she would not look into the Security Guide, but the
Installation Guide ("Something is wrong with my setup! Which document
explains how to set up TYPO3 with a proxy server?").

However, I really like the idea of explaining the 'trustedHostsPattern'
setting in general in the Security Guide and outlining what you should or
should not configure to achieve a secure TYPO3 setup.

I just opened a ticket, so we can gather some suggestions:
http://forge.typo3.org/issues/59030


Cheers
Michael


