
Commit b26dcd0

author
Rajko Albrecht
committed
Ticket #5236
First workflow for allowing a reverse proxy with different site names for the ISPConfig panel. TODO: Allow this only for sites known to the system itself, instead of all or none.
1 parent e7688c6 commit b26dcd0


2 files changed

+46
-27
lines changed


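--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -68,20 +68,31 @@ public function __construct() {
 $this->db = false;
 }
 }
+$this->uses('functions'); // we need this before all others!
+$this->uses('auth,plugin,ini_parser,getconf');
+
+}
 
+public function __get($prop) {
+if(property_exists($this, $prop)) return $this->{$prop};
+
+$this->uses($prop);
+if(property_exists($this, $prop)) return $this->{$prop};
+else return null;
+}
+
+public function __destruct() {
+session_write_close();
+}
+
+public function initialize_session() {
 //* Start the session
 if($this->_conf['start_session'] == true) {
-
 $this->uses('session');
 $sess_timeout = $this->conf('interface', 'session_timeout');
-$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
-
-// Workaround for Nginx servers
-if($cookie_domain == '_') {
-$tmp = explode(':',$_SERVER["HTTP_HOST"]);
-$cookie_domain = $tmp[0];
-unset($tmp);
-}
+$cookie_domain = $this->get_cookie_domain();
+$this->log("cookie_domain is ".$cookie_domain,0);
+$cookie_domain = '';
 $cookie_secure = ($_SERVER["HTTPS"] == 'on')?true:false;
 if($sess_timeout) {
 /* check if user wants to stay logged in */
@@ -122,23 +133,8 @@ public function __construct() {
 if(empty($_SESSION['s']['language'])) $_SESSION['s']['language'] = $conf['language'];
 }
 
-$this->uses('functions'); // we need this before all others!
-$this->uses('auth,plugin,ini_parser,getconf');
-
-}
-
-public function __get($prop) {
-if(property_exists($this, $prop)) return $this->{$prop};
-
-$this->uses($prop);
-if(property_exists($this, $prop)) return $this->{$prop};
-else return null;
 }
 
-public function __destruct() {
-session_write_close();
-}
-
 public function uses($classes) {
 $cl = explode(',', $classes);
 if(is_array($cl)) {
@@ -192,7 +188,7 @@ public function log($msg, $priority = 0) {
 $tstamp = time();
 $msg = '[INTERFACE]: '.$msg;
 $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
-/*
+
 if (is_writable($this->_conf['log_file'])) {
 if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
 $this->error('Unable to open logfile: ' . $this->_conf['log_file']);
@@ -204,7 +200,7 @@ public function log($msg, $priority = 0) {
 } else {
 $this->error('Unable to write to logfile: ' . $this->_conf['log_file']);
 }
-*/
+
 }
 }
 
@@ -336,12 +332,33 @@ public function tpl_defaults() {
 $this->tpl->setVar('globalsearch_noresults_limit_txt', $this->lng('globalsearch_noresults_limit_txt'));
 $this->tpl->setVar('globalsearch_searchfield_watermark_txt', $this->lng('globalsearch_searchfield_watermark_txt'));
 }
+
+private function get_cookie_domain() {
+$proxy_panel_allowed = $this->getconf->get_security_config('permissions')['reverse_proxy_panel_allowed'];
+$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
+// Workaround for Nginx servers
+if($cookie_domain == '_') {
+$tmp = explode(':',$_SERVER["HTTP_HOST"]);
+$cookie_domain = $tmp[0];
+unset($tmp);
+}
+$this->log("Server: ".print_r($_SERVER,true));
+if ($proxy_panel_allowed == 'all') {
+return '';
+}
+return $cookie_domain;
+}
 
 } // end class
 
 //** Initialize application (app) object
 //* possible future = new app($conf);
 $app = new app();
+/* split session creation out of constructor is IMHO better.
+otherwise we have some circular references to global $app like in
+getconfig property of App - RA
+*/
+$app->initialize_session();
 
 // load and enable PHP Intrusion Detection System (PHPIDS)
 $ids_security_config = $app->getconf->get_security_config('ids');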
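Review bot: `$this->log("Server: ".print_r($_SERVER,true));` in get_cookie_domain() (new line 345) writes the whole request environment into sys_log each time the session is initialised, and that array carries the Cookie header with the session id and any Authorization credentials. Because this commit also un-comments the log-file branch of log() (new lines 191 and 203), the same dump presumably lands in the log file too; drop the line or log only the resolved value. `$cookie_domain = '';` at new line 95 then discards what get_cookie_domain() returned, so `reverse_proxy_panel_allowed` has no effect on the cookie and the line looks like a debugging leftover to remove. The config read at new line 337 should tolerate a missing key, for example `$perm = $this->getconf->get_security_config('permissions'); $proxy_panel_allowed = isset($perm['reverse_proxy_panel_allowed']) ? $perm['reverse_proxy_panel_allowed'] : 'none';`, since an existing security_settings.ini may not have it yet.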

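--- a/security/security_settings.ini
+++ b/security/security_settings.ini
@@ -17,6 +17,7 @@ admin_allow_software_repo=superadmin
 remote_api_allowed=yes
 password_reset_allowed=yes
 session_regenerate_id=yes
+reverse_proxy_panel_allowed=none
 
 [ids]
 ids_anon_enabled=yes
@@ -42,4 +43,5 @@ security_admin_email_subject=Security alert from server
 warn_new_admin=yes
 warn_passwd_change=no
 warn_shadow_change=no
-warn_group_change=no
+warn_group_change=no
+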
