•  
      request #9280 Set $sys_trusted_proxies should allow a subnet
    Infos
    #9280
    Matthieu Monnier (mmonnier)
    2016-06-29 17:42
    2016-06-23 18:31
    9566
    Details
    Set $sys_trusted_proxies should allow a subnet
    When using tuleap in a controlled network (like docker network) it make sense to make tuleap trust the whole subnet

    File: /etc/tuleap/conf/local.inc
    ...
    $sys_trusted_proxies = '10.0.0.0/8';
    ...
    Other
    All
    Empty
    • [x] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2016-06-29
    Attachments
    Empty
    References
    Referencing request #9280

    Artifact Tracker v5

    rel #9210 8.17
    Referenced by request #9280

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2016-06-29 17:42
    Integrated into Tuleap 8.16.99.16.

    • Category changed from Tuleap Appliance to Other
    • Status changed from Under review to Closed
    • Reported in version changed from 8.15 to All
    • Close date changed from 2016-06-24 to 2016-06-29
    • Platform cleared values: CentOS 6
    • Is an Enhancement or an internal improvement? set to enhancement
    User avatar

    An alternative is to have a subnet as a trusted proxy


    • Summary
      -Set $sys_trusted_proxies with a hostname is impossible 
      +Set $sys_trusted_proxies should allow a subnet 
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Status changed from Declined to New
    User avatar

    I had a look at the code and it's the right way to do it as we do the match with REMOTE_ADDR header that is set as an IP address. Checking for hostname IP for each hit would have a very high cost so the workaround needs to be defined elsewhere.


    • Status changed from New to Declined
    • Close date set to 2016-06-24
    User avatar
    • Summary
      -set $sys_trusted_proxies with a hostname is impossible 
      +Set $sys_trusted_proxies with a hostname is impossible 
    User avatar
    • Summary
      -$sys_trusted_proxies with a hostname is impossible 
      +set $sys_trusted_proxies with a hostname is impossible