digitaldemocratic/dd-sso/docker
Evilham 8f5de8af6a
[network] Fix handling of forwarded headers
This fixes several issues where services would see the internal IP of
the proxy and not that of the client.

It works by first unsetting any proxy-related headers that arrive from
the internet, then setting those as seen by HAProxy's entrypoint
frontend.
And finally making sure that neither WAF when enabled nor other
HAProxy backends touch these headers, while they are actually used by
the final services.

Services affected:	Netcloud, Keycloak, Moodle
2022-12-02 06:49:56 +01:00
..
api [dd-sso/api] Cover all cases, add docs for megamenu internal links 2022-11-23 12:54:21 +01:00
haproxy [network] Fix handling of forwarded headers 2022-12-02 06:49:56 +01:00
keycloak [sso] Allow for Keycloak login footer customisation 2022-11-13 10:03:49 +01:00
waf-modsecurity [network] Fix handling of forwarded headers 2022-12-02 06:49:56 +01:00