Comments (6)
In https://github.com/cantarus/PolyDeploy/blob/78b6127ae1ea8200c8ef1ea233ac6b0d84461535/PolyDeploy/Components/WebAPI/ActionFilters/InWhitelist.cs#L46, consider using HttpRequestBase.IsLocal
instead of checking 127.0.0.1
from polydeploy.
@tomwalters It's not a reverse proxy issue, PolyDeploy has handling for this already built in.
The scenario this occurred in was where the web server had multiple IP addresses bound to it. So it appeared the traffic was coming from one of those rather than the localhost loopback address.
from polydeploy.
The scenario this occurred in was where the web server had multiple IP addresses bound to it. So it appeared the traffic was coming from one of those rather than the localhost loopback address.
I just installed v0.9.3
I found the same problem as mentioned above on a machine with multiple IP addresses. It is no longer easy to hack IP addresses into the database as they are no longer stored in human readable form.
I used the following workaround, which is somewhat complex and a PITA...
- Add another IIS binding for https://127.0.0.1
- Add a portalalias for https://127.0.0.1
Then I was able to get to the site using 127.0.0.1 and access the UI for setting up WhiteLists and API Keys.
The machine I am using has multiple installs of DNN and most of the installs have multiple portals. In this situation my workaround is fairly painful.
@can-anierzad - did the change you refer to actually get made? If so it does not seem to help in my situation.
from polydeploy.
@can-martin-kennish This is likely caused because the server is behind a reverse proxy, thus obscuring the real IP. Is there a way we could inspect the headers to extract an X-Forwarded-For
?
There might be some security considerations to make around IP spoofing when doing a direct comparison to 127... so the solution from @bdukes is probably the best bet (although I wouldn't be surprised if the actual implementation is exactly the same.)
from polydeploy.
The basic logic for IsLocal
is in HttpWorkerRequest
from polydeploy.
Thanks @bdukes, I'll make the change and see if it resolves the issue we're having in the environment @can-martin-kennish described above.
from polydeploy.
Related Issues (20)
- File Extension not allowed? HOT 5
- Add to Log: Key Creation
- Prompt to Delete Archives
- Prompt for Installation Folders
- Add to Log: White List IP
- Update for DNN 9.xx UI HOT 1
- Update IP Allow List to Support Range HOT 1
- Update IP Allow List on Install HOT 3
- Add Note Column to IP Address HOT 2
- Integrate with Prompt
- Create Admin page on Install
- Unable to build master or dev
- DNN 9.6.2 Exception on Deploy
- No agent found in pool TFSvNext which satisfies the specified demands HOT 14
- Add support for IP Address range whitelisting to support Azure Pipelines HOT 2
- Not an issue
- An error occurred while sending the request. HOT 8
- DeployClient Unable to overwrite existing file HOT 6
- No json results from failed deploy HOT 1
- Getting 403 error while downloading PolyDeploy from pipeline task HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from polydeploy.