Coder Social home page Coder Social logo

Comments (6)

bdukes avatar bdukes commented on July 28, 2024 1

In https://github.com/cantarus/PolyDeploy/blob/78b6127ae1ea8200c8ef1ea233ac6b0d84461535/PolyDeploy/Components/WebAPI/ActionFilters/InWhitelist.cs#L46, consider using HttpRequestBase.IsLocal instead of checking 127.0.0.1

from polydeploy.

avatar commented on July 28, 2024 1

@tomwalters It's not a reverse proxy issue, PolyDeploy has handling for this already built in.

The scenario this occurred in was where the web server had multiple IP addresses bound to it. So it appeared the traffic was coming from one of those rather than the localhost loopback address.

from polydeploy.

RichardHowells avatar RichardHowells commented on July 28, 2024 1

The scenario this occurred in was where the web server had multiple IP addresses bound to it. So it appeared the traffic was coming from one of those rather than the localhost loopback address.

I just installed v0.9.3

I found the same problem as mentioned above on a machine with multiple IP addresses. It is no longer easy to hack IP addresses into the database as they are no longer stored in human readable form.

I used the following workaround, which is somewhat complex and a PITA...

Then I was able to get to the site using 127.0.0.1 and access the UI for setting up WhiteLists and API Keys.

The machine I am using has multiple installs of DNN and most of the installs have multiple portals. In this situation my workaround is fairly painful.

@can-anierzad - did the change you refer to actually get made? If so it does not seem to help in my situation.

from polydeploy.

tomwalters avatar tomwalters commented on July 28, 2024

@can-martin-kennish This is likely caused because the server is behind a reverse proxy, thus obscuring the real IP. Is there a way we could inspect the headers to extract an X-Forwarded-For?

There might be some security considerations to make around IP spoofing when doing a direct comparison to 127... so the solution from @bdukes is probably the best bet (although I wouldn't be surprised if the actual implementation is exactly the same.)

from polydeploy.

bdukes avatar bdukes commented on July 28, 2024

The basic logic for IsLocal is in HttpWorkerRequest

from polydeploy.

avatar commented on July 28, 2024

Thanks @bdukes, I'll make the change and see if it resolves the issue we're having in the environment @can-martin-kennish described above.

from polydeploy.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.