[Koha-bugs] [Bug 36304] Allow option to automatically trust cloudflare proxies
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Mar 21 00:34:36 CET 2024
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36304
--- Comment #3 from David Cook <dcook at prosentient.com.au> ---
Thanks for your work on this, Nicholas.
I don't mean to be a stickler, but since koha_trusted_proxies is a
koha-conf.xml config, it probably makes sense to have this one be one too.
I like the idea of using the Cloudflare API to keep an up-to-date list, but the
list rarely changes. According to https://www.cloudflare.com/en-gb/ips/ it's
only changed 4 times in about 7 years.
So I'm not sure that we should have each worker call the API on startup.
Personally, I find the startup super slow already. It might make more sense for
the list to be updated by a cronjob. Perhaps the "TrustCloudFlare" config
option could be a path to the list.
Another thought I had might be to add a timeout to LWP::UserAgent, because I
think it defaults to 180 seconds. If there were an issue with the CloudFlare
API, I don't think you'd want each worker to wait 3 minutes before starting up.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list