broncowdd / BoZoN

Minimalist Drag & drop file sharing app (version 2.4 build 15)
Other
284 stars 47 forks source link

Running BoZoN behind a reverse proxy - do not use hard encoded names #216

Open bohnelang opened 7 years ago

bohnelang commented 7 years ago

I need to patch some part in the system where it gets local SERVER_NAME or SERVER_HOST.

Running BoZoN behind a proxy, the internal servername is different from outside-view!

Would be nice if one could define this part in config. Maybe with: $default_i_srv_name = "www.uni-heaven.de"; and later

$servername = (empty($default_i_srv_name)? $_SERVER["SERVER_NAME"]:$default_i_srv_name);

....

core/auto_restrict.php: if (!isset($auto_restrict['domain'])){ $auto_restrict['domain']= "www.uni-heaven.de";}
core/core.php:      $servername = "www.uni-heaven.de";
core/core.php:      $servername = "www.uni-heaven.de";
briceparmentier commented 7 years ago

Hi, I have the same problem because my box does not accept the NAT loopback so that I can't call my dynamic DNS from local network to target my local equipment. As I have no time to investigate it right now, thanks to the ones that would have it :)

broncowdd commented 7 years ago

Thanks a lot: I think it should be useful indeed. I'll add it in the next version. ;-)

broncowdd commented 7 years ago

Hi again ^^ Could you try this version ?

core.zip

There's a new variable in config.php and core.php sets a $_SESSION['SERVER_NAME'] used in auto_restrict. Tell me if it works ;-)

bohnelang commented 7 years ago

Nope - not working -> "referer error!" :-)

broncowdd commented 7 years ago

Even after a logout / login ? (to clear session vars)

bohnelang commented 7 years ago

$_SESSION['SERVER_NAME'] is empty at this time. (Where is it set?) (Next answer will be in 14 days - I am out on vacation now :-)

broncowdd commented 7 years ago

Maybe I have found the issue: in config.php, remove the space before the «=»: $default_i_srv_name ="" => $default_i_srv_name=''"

briceparmentier commented 7 years ago

I will test it soon bronco and get back to you here asap :)

broncowdd commented 7 years ago

Thanks a lot ;-)

briceparmentier commented 7 years ago

Bronco, just to be sure (sorry I didn't have time to test this week-end), can you confirm that I just need to edit the line in config.php, or do I need to apply the last patch you sent core.zip ?

broncowdd commented 7 years ago

Hi, Yes, you just have to edit config.php ;-)

briceparmentier commented 7 years ago

Hello,

Bronco sorry for the delay of testing but I changed my Internet provider and had troubles to get my local network and NAT rules to work correctly again... The problem is that I can't find the line containing $default_i_srv_name anywhere (config.php, core/core.php...) :o I have an up-to-date version of the code on my Raspberry PI (directly cloned from GitHub).

What I found recently is that when trying to connect from the local network with the IP address while my BoZoN web server is configured with my dyn DNS, I get an error similar to the one I get if I try to enter multiple times a wrong password, which is "referer error"... Is it relevant to you? Does it bring some clue?

Cheers. Brice

briceparmentier commented 7 years ago

@bohnelang : which kind of server do you use? Apache or nginx ? Or whatever else? I'm wondering if the problem does not come from both BoZoN and web server configuration in fact...

On my side I'm running nginx and I'm struggling with the server_name directive in the configuration, which brings me the "referer error" message if I try to access the application from the local network (with the IP address) if the server_name directive is set to my dyn DNS name...

After reading again the messages on this issue, I guess I had some misunderstanding, trying to search "default_i_srv_name" instead of "$_SESSION"... So for me it also doesn't work with the modification in config.php.

That's why I think maybe two problems are mixed, and one is affecting the other... Perhaps there is an issue with the web server configuration, but also a security case inside BoZoN that hasn't been taken into account...

bohnelang commented 7 years ago

Hi, first time back in office :-)

We are using Apache as a reverse proxy. Outside name is like (I do not want the real url in this post): https://www.umm.uni-heidelberg.de/FileUploader/

The Apache redirects these requests to www5.medma.uni-heidelberg.de

ProxyPass /FileUploader/ http://www5.medma.uni-heidelberg.de/FileUploader/
ProxyPassReverse /FileUploader/ http://www5.medma.uni-heidelberg.de/FileUploader/

Thus: The server name is www.umm.uni-heidelberg.de and not www5.medma.uni-heidelberg.de. The www5 is only for internal use.

After patching BoZoN my installation works without problems. Thus I think, my Apache config is quite right.

Greetings :-)
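
The effect of the proxy setup described above on a Referer host check, as an added example that is not part of the original post and not BoZoN's own code. It assumes the check compares the Referer host with the expected server name; `effective_server_name()` and `referer_allowed()` are hypothetical helpers, the request data is constructed, and only `$default_i_srv_name` and the host names come from the thread.

```php
<?php
// Added example, not BoZoN's code. Helper names are hypothetical.

// config.php equivalent: the public name under which the reverse proxy is
// reached. Leave empty to fall back to the name the web server reports.
$default_i_srv_name = 'www.umm.uni-heidelberg.de';

function effective_server_name(string $configured, array $server): string
{
    // Prefer the operator-configured name: it is fixed in the config file
    // and cannot be influenced by anything sent with the request.
    $name = $configured !== '' ? $configured : ($server['SERVER_NAME'] ?? '');
    return strtolower($name);
}

function referer_allowed(string $referer, string $expectedHost): bool
{
    // Compare the parsed host exactly. A substring test would also accept
    // a host such as "www.umm.uni-heidelberg.de.example.net".
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host)
        && $expectedHost !== ''
        && strtolower($host) === $expectedHost;
}

// Constructed request as the backend sees it behind the proxy: the browser
// was on the public name, the backend reports its internal name.
$server = [
    'SERVER_NAME'  => 'www5.medma.uni-heidelberg.de',
    'HTTP_REFERER' => 'https://www.umm.uni-heidelberg.de/FileUploader/index.php',
];

// First pass: no configured name (falls back to SERVER_NAME).
// Second pass: configured public name.
foreach (['', $default_i_srv_name] as $configured) {
    $expected = effective_server_name($configured, $server);
    $ok = referer_allowed($server['HTTP_REFERER'], $expected);
    printf("expected host %-30s => %s\n", $expected, $ok ? 'accepted' : 'referer error');
}
```

With the fallback to `SERVER_NAME` the backend expects its internal name and rejects the browser's Referer; with the configured public name the same request is accepted.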

briceparmentier commented 7 years ago

So you managed to get it working only by patching the auto_restrict.php at line 68 : $auto_restrict['domain']=$_SESSION['SERVER_NAME'];} instead of $auto_restrict['domain']=$_SERVER['SERVER_NAME'];} ? This means I was wrong (apologize bronco), and my case only comes from my nginx configuration :/

bohnelang commented 7 years ago

No - at the moment I am using hard encoded names like in the first post. At the moment we are testing this tool - thus this is OK for us.

broncowdd commented 7 years ago

Don't worry @briceparmentier ! So, finally: is it working or not ? ^^

briceparmentier commented 7 years ago

Well, maybe I was wrong thinking that the current case was the same as mine... It seems not, so I won't disturb this post with my case ;)