[TYPO3-core] trustedHostsPattern

Frans Saris franssaris at gmail.com
Tue May 27 11:01:52 CEST 2014


Is it not okay to just set the trusted hosts param to .* for such setups as
the layers in front of the webserver make sure only the correct requests
come through?

Regards, Frans
On 27 May 2014 10:25, "JoH asenau" <info at cybercraft.de> wrote:

>>> HTTP_HOST
>>> redaktion.domain.tld
>>> SERVER_NAME
>>> redaktion.domain.tld
>>> SERVER_PORT
>>> 17101
>>> REQUEST_URI
>>> /typo3/install/index.php?TYPO3_INSTALL[type]=phpinfo
>>> REMOTE_ADDR
>>> 10.91.65.199
>>>
>>
>> I'm still wondering what setup creates such a result. You are requesting on
>> port 80 but SERVER_PORT is set to 17101 ...
>>
>
> Well - yes and no ;-)
>
> No server is listening on port 80, since the setup is based on so called
> transparent proxies - at least this is what our admin told me - so incoming
> requests are on port 80 until they hit the load balancer. Then the target
> ports are set by the load balancers, so the incoming request for the server
> is already using the desired port depending on which server the balancers
> sent the request to. Actually each server for a certain domain is listening
> on the same port, but we could even have different ports for the same
> domain, i.e. to make sure the requests will always hit the same server once
> the connection has been established for the first time.
>
> Now when there is no trailing slash, the Nginx rewrite rule is set to
> redirect to the same URL but with a trailing slash. And it seems that this
> just kind of "reveals" the port the server is running on by adding it to
> the domain, which is how we found out the solution by accident.
>
> So both
>
> blah.domain.tld/typo3/
>
> and
>
> blah.domain.tld:12345/typo3/
>
> are coming in on the same port on the server, but only the latter works
> with the default setting for trustedHostsPattern, which is SERVER_NAME but
> actually compares SERVER_NAME and SERVER_PORT according to the install tool
> label.
>
> HTH
>
> Joey
>

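An added example, not part of the original messages and not TYPO3's own code: a simplified Python model of the check as the thread describes it, run against the HTTP_HOST, SERVER_NAME and SERVER_PORT values quoted above. The function names, the explicit pattern, the host `other.example`, and the rules that a Host header without a port implies port 80 and that any non-default pattern is a whole-string regex are assumptions.

```python
import re

# Simplified model of the check discussed in this thread; not TYPO3 source code.
SERVER_NAME_MODE = "SERVER_NAME"  # the default value named in the thread


def split_host(host_header):
    """Split a Host header into (lowercased name, port string or None)."""
    name, sep, port = host_header.rpartition(":")
    if sep and port.isdigit():
        return name.lower(), port
    return host_header.lower(), None


def host_is_trusted(pattern, host_header, server_name, server_port, default_port="80"):
    """Return True if host_header passes the configured trusted-hosts pattern."""
    if pattern == SERVER_NAME_MODE:
        name, port = split_host(host_header)
        # Assumption: a Host header without a port implies the scheme default.
        effective_port = port if port is not None else default_port
        return name == server_name.lower() and effective_port == str(server_port)
    # Assumption: any other value is a regex that must match the whole header.
    return re.fullmatch(pattern, host_header, re.IGNORECASE) is not None


# Constructed inputs built from the values quoted in the thread.
SERVER = {"server_name": "redaktion.domain.tld", "server_port": "17101"}
EXPLICIT = r"redaktion\.domain\.tld(:17101)?"  # hypothetical explicit pattern
CASES = ["redaktion.domain.tld", "redaktion.domain.tld:17101", "other.example"]


def evaluate(pattern):
    """Map each sample Host header to the decision under the given pattern."""
    return {h: host_is_trusted(pattern, h, **SERVER) for h in CASES}


if __name__ == "__main__":
    for pattern in (SERVER_NAME_MODE, EXPLICIT, ".*"):
        print(pattern, evaluate(pattern))
```

With `.*` every Host value is accepted, so the check then rests entirely on the layers in front of the web server.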
