mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 10:28:13 +00:00
Use built in trusted proxy functionality (#13318)
* Use built in trusted proxy functionality instead of fideloper/proxy * my favorite style rule... * hello braindead ide * restore space
This commit is contained in:
parent
d0f90bdf24
commit
d443d2b4b1
@ -3,26 +3,25 @@
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Illuminate\Http\Middleware\TrustProxies as Middleware;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class TrustProxies extends Middleware
|
||||
{
|
||||
/**
|
||||
* The trusted proxies for this application.
|
||||
*
|
||||
* @var array|string|null
|
||||
*/
|
||||
protected $proxies;
|
||||
protected function getTrustedHeaderNames()
|
||||
{
|
||||
$this->headers = config('trustedproxy.headers');
|
||||
|
||||
return parent::getTrustedHeaderNames();
|
||||
}
|
||||
|
||||
/**
|
||||
* The headers that should be used to detect proxies.
|
||||
* Get the trusted proxies.
|
||||
*
|
||||
* @var int
|
||||
* @return array|string|null
|
||||
*/
|
||||
protected $headers =
|
||||
Request::HEADER_X_FORWARDED_FOR |
|
||||
Request::HEADER_X_FORWARDED_HOST |
|
||||
Request::HEADER_X_FORWARDED_PORT |
|
||||
Request::HEADER_X_FORWARDED_PROTO |
|
||||
Request::HEADER_X_FORWARDED_AWS_ELB;
|
||||
protected function proxies()
|
||||
{
|
||||
$this->proxies = config('trustedproxy.proxies');
|
||||
|
||||
return parent::proxies();
|
||||
}
|
||||
}
|
||||
|
@ -30,7 +30,6 @@
|
||||
"easybook/geshi": "^1.0.8",
|
||||
"ezyang/htmlpurifier": "^4.8",
|
||||
"fico7489/laravel-pivot": "^3.0",
|
||||
"fideloper/proxy": "^4.4",
|
||||
"fruitcake/laravel-cors": "^2.0",
|
||||
"genealabs/laravel-caffeine": "^8.0",
|
||||
"guzzlehttp/guzzle": "^7.0.1",
|
||||
|
60
composer.lock
generated
60
composer.lock
generated
@ -4,7 +4,7 @@
|
||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "9ab00e7f7d4af766342b38b9019f7fe7",
|
||||
"content-hash": "4756600b7d329eed706b8a224e47fb4a",
|
||||
"packages": [
|
||||
{
|
||||
"name": "amenadiel/jpgraph",
|
||||
@ -1115,64 +1115,6 @@
|
||||
},
|
||||
"time": "2020-10-05T06:12:29+00:00"
|
||||
},
|
||||
{
|
||||
"name": "fideloper/proxy",
|
||||
"version": "4.4.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/fideloper/TrustedProxy.git",
|
||||
"reference": "c073b2bd04d1c90e04dc1b787662b558dd65ade0"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/fideloper/TrustedProxy/zipball/c073b2bd04d1c90e04dc1b787662b558dd65ade0",
|
||||
"reference": "c073b2bd04d1c90e04dc1b787662b558dd65ade0",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"illuminate/contracts": "^5.0|^6.0|^7.0|^8.0|^9.0",
|
||||
"php": ">=5.4.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"illuminate/http": "^5.0|^6.0|^7.0|^8.0|^9.0",
|
||||
"mockery/mockery": "^1.0",
|
||||
"phpunit/phpunit": "^6.0"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"laravel": {
|
||||
"providers": [
|
||||
"Fideloper\\Proxy\\TrustedProxyServiceProvider"
|
||||
]
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Fideloper\\Proxy\\": "src/"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Chris Fidao",
|
||||
"email": "fideloper@gmail.com"
|
||||
}
|
||||
],
|
||||
"description": "Set trusted proxies for Laravel",
|
||||
"keywords": [
|
||||
"load balancing",
|
||||
"proxy",
|
||||
"trusted proxy"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/fideloper/TrustedProxy/issues",
|
||||
"source": "https://github.com/fideloper/TrustedProxy/tree/4.4.1"
|
||||
},
|
||||
"time": "2020-10-22T13:48:01+00:00"
|
||||
},
|
||||
{
|
||||
"name": "fruitcake/laravel-cors",
|
||||
"version": "v2.0.4",
|
||||
|
@ -1,12 +1,14 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
| !!!! DO NOT EDIT THIS FILE !!!!
|
||||
|
|
||||
| You can change settings by setting them in the environment or .env
|
||||
| If there is something you need to change, but is not available as an environment setting,
|
||||
| request an environment variable to be created upstream or send a pull request.
|
||||
*/
|
||||
/*
|
||||
| !!!! DO NOT EDIT THIS FILE !!!!
|
||||
|
|
||||
| You can change settings by setting them in the environment or .env
|
||||
| If there is something you need to change, but is not available as an environment setting,
|
||||
| request an environment variable to be created upstream or send a pull request.
|
||||
*/
|
||||
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
return [
|
||||
|
||||
@ -53,6 +55,10 @@ return [
|
||||
*
|
||||
* @link https://symfony.com/doc/current/deployment/proxies.html
|
||||
*/
|
||||
'headers' => Illuminate\Http\Request::HEADER_X_FORWARDED_ALL,
|
||||
'headers' => Request::HEADER_X_FORWARDED_FOR |
|
||||
Request::HEADER_X_FORWARDED_HOST |
|
||||
Request::HEADER_X_FORWARDED_PORT |
|
||||
Request::HEADER_X_FORWARDED_PROTO |
|
||||
Request::HEADER_X_FORWARDED_AWS_ELB,
|
||||
|
||||
];
|
||||
|
@ -18,6 +18,14 @@ an SSL certificate such as ones provided by [LetsEncrypt](http://www.letsencrypt
|
||||
|
||||
Please ensure you keep your install [up to date](Updating.md).
|
||||
|
||||
## Trusted Proxies
|
||||
|
||||
When using a reverse proxy, you may restrict the hosts allowed to forward
|
||||
headers to LibreNMS. By default this allows all proxies, due to legacy reasons.
|
||||
|
||||
Set APP_TRUSTED_PROXIES in your .env to an empty string or the urls to
|
||||
the proxies allowed to forward.
|
||||
|
||||
# Reporting vulnerabilities
|
||||
|
||||
Like anyone, we appreciate the work people put in to find flaws in
|
||||
|
Loading…
Reference in New Issue
Block a user