Commit ff1ccc6b authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

stack/erp5: put a magic parameter to use the first entry of X-Forwarded-For as...

stack/erp5: put a magic parameter to use the first entry of X-Forwarded-For as the source IP address.
parent a669c51b
Pipeline #10008 failed with stage
in 0 seconds
...@@ -34,7 +34,7 @@ md5sum = e91c0fbd0df441884f7422fa7976053c ...@@ -34,7 +34,7 @@ md5sum = e91c0fbd0df441884f7422fa7976053c
[template-zope-conf] [template-zope-conf]
filename = zope.conf.in filename = zope.conf.in
md5sum = 762897486b1e7e28b614224a9a577125 md5sum = c43da8f7b4db22e40a4864e6cfcaef44
[site-zcml] [site-zcml]
filename = site.zcml filename = site.zcml
......
...@@ -25,6 +25,13 @@ rest-output-encoding utf-8 ...@@ -25,6 +25,13 @@ rest-output-encoding utf-8
# XXX: isn't this entry implicit ? # XXX: isn't this entry implicit ?
products {{ parameter_dict['instance-products'] }} products {{ parameter_dict['instance-products'] }}
# Magic parameter to use the first entry of X-Forwarded-For as the source IP address.
# (see monkey patches in ERP5Type/patches/HTTPRequest.py and ERP5Type/patches/http_server.py)
# * Frontend HTTP server should drop incoming X-Forwarded-For.
# * Communication between frontend and backend should use SSL Client Authentication.
# * Backend proxy drops incoming X-Forwarded-For without valid SSL Client Authentification.
trusted-proxy 0.0.0.0
{% if not parameter_dict['wsgi'] -%} {% if not parameter_dict['wsgi'] -%}
{% if parameter_dict['webdav'] -%} {% if parameter_dict['webdav'] -%}
<webdav-source-server> <webdav-source-server>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment