[Koha-bugs] [Bug 36304] Allow option to automatically trust cloudflare proxies

Wed Mar 20 10:10:19 CET 2024

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36304

Nicholas van Oudtshoorn <vanoudt at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #163104|0                           |1
        is obsolete|                            |
             Status|NEW                         |In Discussion
           Assignee|koha-bugs at lists.koha-commun |vanoudt at gmail.com
                   |ity.org                     |
                 CC|                            |vanoudt at gmail.com

--- Comment #2 from Nicholas van Oudtshoorn <vanoudt at gmail.com> ---
Created attachment 163515
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163515&action=edit
Preference and plumbing to trust cloudflare proxies automatically

This patch adds in a new preference, and updates Koha::Middleware::RealIP to
automatically add the current list of CloudFlare proxies as trusted proxies.
This relieves administrators of having to constantly check if the cloudflare
proxies are correctly configured on koha, since cloudflare does occassionally
add or remove proxies. Rather than individual IPs being added to the
trusted_proxies list, this also uses the CIDRs that cloudflare provides, and
that koha uses internally.

In the future, it might be nice to use the CF_CONNECTING_IP header, but this
shouldn't be necessary right now.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.