Last modified: 2004-09-02 22:09:15 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T2273, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 273 - Making MediaWiki reversed proxying able (use HTTP_HOST for redirects if set)


Summary:	Making MediaWiki reversed proxying able (use HTTP_HOST for redirects if set)

Status:	RESOLVED DUPLICATE of bug 61

Product:	MediaWiki
Classification:	Unclassified
Component:	General/Unknown (Other open bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	Normal normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:	patch

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2004-09-02 22:00 UTC by Hendrik Brummermann
Modified:	2004-09-02 22:09 UTC (History)
CC List:	0 users

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
use HTTP_HOST if set (868 bytes, patch) 2004-09-02 22:01 UTC, Hendrik Brummermann	Details
Add an attachment (proposed patch, testcase, etc.)

Description Hendrik Brummermann 2004-09-02 22:00:21 UTC

Mediawiki should use the HTTP_HOST instead of SERVER_NAME, if the first one is set.

Problem: Using a tcp-forward HTTP-redirect do not work because the server name
included in the Location header is set based on the local settings of the
webserver. However, the name of the reversed proxy should be used. This one is
provided in the HTTP-"Host:"-header, if HTTP 1.1 is used.

Comment 1 Hendrik Brummermann 2004-09-02 22:01:01 UTC

Created attachment 23 [details]
use HTTP_HOST if set

Comment 2 Brion Vibber 2004-09-02 22:09:15 UTC

You can already manually set $wgServer to anything you like.

Note that using HTTP_HOST indiscriminately may not be the best idea; a server not configured for strict name-based virtual hosts 
will accept anything in that header, so the resulting URL could go to an arbitrary site. If it's not validated, it may even open up 
various injection attacks. It's also bad for caching since the result may differ as various clients connect to the server with different 
hostnames. $wgServer is supposed to be a consistent, canonical form.

Marking as a duplicate of bug 61, for detecting more sensible default values of $wgServer.

*** This bug has been marked as a duplicate of 61 ***

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links