Security enhancement for reverse proxy setups
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Zope 2 | Invalid | Wishlist | Unassigned |
Bug Description
Zope is typically deployed behind a reverse proxy. Therefore it is necessary to configure the trusted-proxy environment variable of zope.conf to resolve the client IP address from the "x-forwarded-for" header that is added by the proxy. Currently, if the trusted-proxy IP address was mistyped, Zope ignores the "x-forwarded-for" header and sets the client IP address to the IP address of the proxy. The fallback to the IP address of the proxy could be a security problem if there are any security policies configured (autorole etc.) based on the IP address of the client. We suggest that Zope should raise an error if the trusted-proxy environment is set but Zope receives an "x-forwarded-for" header from an untrusted proxy. The added patch supports this behavior.
Sounds reasonable to me.
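
The fallback described in the bug description, next to the stricter behaviour it proposes, as an added example that is not Zope's code and not the attached patch. The function `resolve_client_addr`, its `strict` flag, the internal-network policy and all addresses are hypothetical and constructed for illustration.

```python
import ipaddress

class UntrustedProxyError(Exception):
    """X-Forwarded-For was sent by a peer that is not a trusted proxy."""

def resolve_client_addr(remote_addr, headers, trusted_proxies, strict=False):
    """Pick the address that IP-based policy will treat as the client.

    strict=False models the fallback the report describes; strict=True
    models the error it proposes. Both names are hypothetical.
    """
    forwarded = headers.get("x-forwarded-for")
    if forwarded is None:
        return remote_addr
    if remote_addr not in trusted_proxies:
        if strict and trusted_proxies:
            raise UntrustedProxyError(
                "x-forwarded-for from untrusted peer %s" % remote_addr)
        return remote_addr  # header ignored, proxy address becomes "client"
    # Walk from the nearest hop outwards and skip our own proxies.
    for hop in reversed([h.strip() for h in forwarded.split(",")]):
        if hop and hop not in trusted_proxies:
            return hop
    return remote_addr

def in_internal_net(addr, network="10.0.0.0/24"):
    """Stand-in for an IP-based policy such as an automatic role grant."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(network)

# Constructed sample: the proxy is 10.0.0.5, the client is external.
PROXY = "10.0.0.5"
HEADERS = {"x-forwarded-for": "203.0.113.7"}
CORRECT = {"10.0.0.5"}
MISTYPED = {"10.0.0.50"}  # typo in the trusted-proxy setting

def demo():
    good = resolve_client_addr(PROXY, HEADERS, CORRECT)
    fallback = resolve_client_addr(PROXY, HEADERS, MISTYPED)
    try:
        resolve_client_addr(PROXY, HEADERS, MISTYPED, strict=True)
        strict_result = "accepted"
    except UntrustedProxyError:
        strict_result = "rejected"
    return good, fallback, in_internal_net(fallback), strict_result

if __name__ == "__main__":
    print(demo())
```

With the mistyped setting, the fallback makes every request appear to come from the proxy's own address, so a policy keyed on the internal network matches external clients; the strict variant turns the same typo into a visible error.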