Skip to content

S
slapos-mynij-dev
Commit 468d8148 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki
Browse files
Options

fixup! apache-backend: discard incoming X-Forwarded-For without valid SSL Client Authentification.

parent ffd51275
Show whitespace changes
Inline Side-by-side
Showing with 3 additions and 2 deletions
component/apache/apache-backend.conf.in
View file @ 468d8148
...@@ -135,10 +135,11 @@ SSLProxyEngine On ...@@ -135,10 +135,11 @@ SSLProxyEngine On
# As backend is trusting Remote-User header unset it always # As backend is trusting Remote-User header unset it always
RequestHeader unset Remote-User RequestHeader unset Remote-User
# Drop incoming X-Forwarded-For without valid client authentication
RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
{% if ca_cert_dir -%} {% if ca_cert_dir -%}
SSLVerifyClient optional SSLVerifyClient optional
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
SSLCACertificatePath {{ ca_cert_dir }} SSLCACertificatePath {{ ca_cert_dir }}
{% if crl_dir -%} {% if crl_dir -%}
SSLCARevocationCheck chain SSLCARevocationCheck chain
......
component/apache/buildout.hash.cfg
View file @ 468d8148
...@@ -14,5 +14,5 @@ ...@@ -14,5 +14,5 @@
# not need these here). # not need these here).
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
md5sum = 68ce79573bb2b39625ee6ef57c2e7f14 md5sum = 5c6d6aacc092b23a02e1c6f4d51e8127
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7