Rework and document IP ban management when behind a reverse proxy #1032

Closed
virtualtam opened this issue Dec 3, 2017 · 0 comments · Fixed by #1273

Comments

@virtualtam
Member

Relates to #1008 (comment)
Relates to #1010

@virtualtam wrote:

I'm not sure what to do for this specific point; according to my understanding of the login / ban mechanism, I'd expect this method to be on par with handleFailedLogin() as far as proxy handling is concerned:

  • the IP is not behind a trusted proxy:
    - current, expected: reset the ban counter for this IP
  • the IP is behind a trusted proxy but is not forwarded:
    - expected: do nothing
    - current: reset the ban counter for the proxy's IP
  • the IP is behind a trusted proxy and forwarded:
    - expected: reset the ban counter for the forwarded IP
    - current: reset the ban counter for the proxy's IP

@ArthurHoaro wrote:

Oh, I didn't remember that. So, if I understand correctly, currently the ban mechanism is pretty useless if Shaarli is behind a reverse proxy, as the REMOTE_ADDR IP is always the proxy's one? It may be a good idea to expand this comment a bit and open a new issue?

TODO

  • Update documentation:
    • Shaarli configuration
    • Shaarli configuration when served behind a reverse proxy
    • Docker image usage
  • Rework IP banning and lifting when behind a reverse proxy
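
The three "expected" cases listed in this issue, written out as an added example that is not part of the original issue and is not Shaarli's code. It assumes the proxy passes the client address in the X-Forwarded-For header (PHP's `HTTP_X_FORWARDED_FOR`); the function names, the in-memory counter and the sample addresses are hypothetical, and the right-to-left walk over a multi-hop chain goes beyond the single forwarded IP the issue mentions.

```php
<?php
// Added illustration, not Shaarli code; names are hypothetical, X-Forwarded-For is assumed.

/** IP whose ban counter may be touched, or null meaning "do nothing". */
function banTargetIp(array $server, array $trusted): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, $trusted, true)) {
        return filter_var($remote, FILTER_VALIDATE_IP) ? $remote : null; // case 1: direct peer
    }
    $forwarded = trim($server['HTTP_X_FORWARDED_FOR'] ?? '');
    if ($forwarded === '') {
        return null; // case 2: trusted proxy, nothing forwarded
    }
    // Case 3: walk the chain right to left; entries further left are client-supplied.
    foreach (array_reverse(explode(',', $forwarded)) as $hop) {
        $hop = trim($hop);
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return null; // malformed chain: do not guess
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop; // first address not vouched for by a trusted proxy
        }
    }
    return null; // chain contained only trusted proxies
}

/** Count a failed login, or clear the counter after a successful one. */
function updateBanCounter(array &$failures, array $server, array $trusted, bool $loginOk): void
{
    $ip = banTargetIp($server, $trusted);
    if ($ip === null) {
        return; // never count against, or reset, the proxy's own IP
    }
    if ($loginOk) {
        unset($failures[$ip]);
    } else {
        $failures[$ip] = ($failures[$ip] ?? 0) + 1;
    }
}

// Constructed requests using documentation address ranges.
$trusted = ['192.0.2.10'];
$failures = [];
$viaProxy = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'];
updateBanCounter($failures, $viaProxy, $trusted, false);                        // forwarded client fails
updateBanCounter($failures, ['REMOTE_ADDR' => '192.0.2.10'], $trusted, false);  // proxy, no header
updateBanCounter($failures, ['REMOTE_ADDR' => '198.51.100.4'], $trusted, false); // direct client fails
updateBanCounter($failures, $viaProxy, $trusted, true);                         // forwarded client logs in
var_export($failures);
```
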
@virtualtam virtualtam added this to the 0.10.0 milestone Dec 3, 2017
@virtualtam virtualtam modified the milestones: 0.10.0, 0.10.1 Apr 27, 2018
@ArthurHoaro ArthurHoaro modified the milestones: 0.10.1, 0.10.2 Jul 29, 2018
@ArthurHoaro ArthurHoaro modified the milestones: 0.10.2, 0.10.3 Aug 11, 2018
@nodiscc nodiscc self-assigned this Nov 3, 2018
ArthurHoaro added a commit to ArthurHoaro/Shaarli that referenced this issue Feb 9, 2019
This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager.
IPs are now stored in the same format as the datastore, through FileUtils.

Fixes shaarli#1032 shaarli#587
@virtualtam virtualtam modified the milestones: 0.10.3, 0.11.0 Feb 23, 2019