diff options
| author |  Mossroy <mossroy@mossroy.fr>
| 2023-10-25 16:23:03 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2023-10-25 16:23:03 +0200 |
| commit | 5374df384a032e91f09d53291c879ee19da99714 (patch) | |
| tree | cf04a1638d0b5279c4692a1dc9468301459da909 /Docker | |
| parent | 280a1e11556bd22f3640facc12ec5bdaa5d10d90 (diff) | |
Use RemoteIPInternalProxy directive of remoteip Apache module (#5740)
* Use RemoteIPInternalProxy directive of remoteip Apache module
instead of RemoteIPTrustedProxy directive
To allow internal IPs to be trusted: for internal clients,
and also for the case of chained internal reverse-proxies
Fixes #5726
* One last reference forgotten
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Diffstat (limited to 'Docker')
| -rw-r--r-- | Docker/FreshRSS.Apache.conf | 2 | ||||
| -rw-r--r-- | Docker/README.md | 2 | ||||
| -rwxr-xr-x | Docker/entrypoint.sh | 6 |
3 files changed, 5 insertions, 5 deletions
diff --git a/Docker/FreshRSS.Apache.conf b/Docker/FreshRSS.Apache.conf index f3dc6da7c..49411441b 100644 --- a/Docker/FreshRSS.Apache.conf +++ b/Docker/FreshRSS.Apache.conf @@ -11,7 +11,7 @@ ErrorLog /dev/stderr # Can be disabled by setting the TRUSTED_PROXY environment variable to 0: RemoteIPHeader X-Forwarded-For # Can be overridden by the TRUSTED_PROXY environment variable: - RemoteIPTrustedProxy 10.0.0.1/8 172.16.0.1/12 192.168.0.1/16 + RemoteIPInternalProxy 10.0.0.1/8 172.16.0.1/12 192.168.0.1/16 </IfModule> LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_proxy diff --git a/Docker/README.md b/Docker/README.md index c44e4691c..01d2e59a6 100644 --- a/Docker/README.md +++ b/Docker/README.md @@ -329,7 +329,7 @@ services: LISTEN: 0.0.0.0:80 # Optional parameter, remove for automatic settings, set to 0 to disable, # or (if you use a proxy) to a space-separated list of trusted IP ranges - # compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy + # compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteipinternalproxy # This impacts which IP address is logged (X-Forwarded-For or REMOTE_ADDR). # This also impacts external authentication methods; # see https://freshrss.github.io/FreshRSS/en/admins/09_AccessControl.html diff --git a/Docker/entrypoint.sh b/Docker/entrypoint.sh index c17d0d445..958fb4b40 100755 --- a/Docker/entrypoint.sh +++ b/Docker/entrypoint.sh @@ -13,11 +13,11 @@ fi if [ -n "$TRUSTED_PROXY" ]; then if [ "$TRUSTED_PROXY" = "0" ]; then - # Disable RemoteIPHeader and RemoteIPTrustedProxy + # Disable RemoteIPHeader and RemoteIPInternalProxy find /etc/apache2/ -type f -name FreshRSS.Apache.conf -exec sed -r -i "/^\s*RemoteIP.*$/s/^/#/" {} \; else - # Custom list for RemoteIPTrustedProxy - find /etc/apache2/ -type f -name FreshRSS.Apache.conf -exec sed -r -i "\\#^\s*RemoteIPTrustedProxy#s#^.*#\tRemoteIPTrustedProxy $TRUSTED_PROXY#" {} \; + # Custom list for RemoteIPInternalProxy + find /etc/apache2/ -type f -name FreshRSS.Apache.conf -exec sed -r -i "\\#^\s*RemoteIPInternalProxy#s#^.*#\tRemoteIPInternalProxy $TRUSTED_PROXY#" {} \; fi fi |