Yii Framework Forum: Proxy Server, Cache, HTTPS and CHttpRequest::$isSecureConnection - Yii Framework Forum


#1 le_top

Posted 07 February 2013 - 04:48 PM

I have a "special" setup on my servers where I have a proxy sitting in front of the cache which in turn fetches data from the actual web service.

After installing an SSL certificate at the proxy level, I had some difficulty maintaining the 'https' directive in front of the redirects.
It turned out that Yii considered it was not running on a secure connection because the web service it is running on is serving pages using the http protocol. However, these pages are served internally to the cache server which serves them to the proxy where the SSL encryption takes place.

After looking into the available variables, I found that $_SERVER['HTTP_X_FORWARDED_PROTO'] could tell the tale.


So I replaced CHttpRequest::getIsSecureConnection() with the following:

    /**
     * Return if the request is sent via secure channel (https).
     * @return boolean if the request is sent via secure channel (https)
     */
    public function getIsSecureConnection()
    {
        return (!empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'],'off'))
            || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])
                && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'],'https')==0);
    }



That does the trick for me.

I am not reporting it as a bug or an issue, just logging it here for info.

#2 Maurizio Domba Cerin (Yii Dev Team)

Posted 08 February 2013 - 04:40 AM

Instead of changing a Yii core file (need to make the same changes on every version upgrade) you can add this code to your index.php:
if(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) 
   && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'],'https')==0)
   $_SERVER['HTTPS'] = 'on';

Find more about me.... btw. Do you know your WAN IP?

#3 le_top

Posted 08 February 2013 - 07:47 AM

Hi

Thanks for the suggestion.

I don't like hacking core values too much, so I extended the CHttpRequest class and specified the new class for it in the configuration file, which was actually already in place to disable CSRF checking in specific cases. In this code I put the ..X_PROTO test first because that is what happens most often for me:

class YHttpRequest extends CHttpRequest {
    public $noCsrfValidationRoutes = array();

    protected function normalizeRequest()
    {
        parent::normalizeRequest();
        $route = implode('/', array_slice(explode('/', Yii::app()->getUrlManager()->parseUrl($this)), 0, 2));

        if($this->enableCsrfValidation && array_search($route, $this->noCsrfValidationRoutes) !== false)
            Yii::app()->detachEventHandler('onbeginRequest',array($this,'validateCsrfToken'));
    }

    /**
     * Return if the request is sent via secure channel (https).
     * @return boolean if the request is sent via secure channel (https)
     */
    public function getIsSecureConnection()
    {
        return (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])
                && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'],'https')==0)
                ||(!empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'],'off'))
                ;
    }
}


0
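
The snippets above accept X-Forwarded-Proto from whoever connects, so they rely on the web server being reachable only through the proxy and cache. The subclass below is an added example, not part of the original posts or of Yii: it honours the header only when REMOTE_ADDR is a listed proxy. The class name, the $trustedProxies property and the sample addresses are assumptions, and Yii 1.1 is assumed to be loaded.

```php
<?php
// Added example, not Yii core code. Class name, $trustedProxies and the
// sample addresses are assumptions made for illustration.
class TrustedProxyHttpRequest extends CHttpRequest
{
    /** @var string[] addresses or CIDR ranges of the hop that connects to this server */
    public $trustedProxies = array('127.0.0.1', '10.0.0.0/8');
    public function getIsSecureConnection()
    {
        // TLS terminated on this web server itself.
        if (!empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'off') !== 0) {
            return true;
        }
        // X-Forwarded-Proto is an ordinary request header: believe it only
        // when the direct peer is one of our own proxy/cache hosts.
        $peer = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        return $this->isTrustedProxy($peer)
            && !empty($_SERVER['HTTP_X_FORWARDED_PROTO'])
            && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
    }

    protected function isTrustedProxy($ip)
    {
        $addr = @inet_pton($ip);
        if ($addr === false) {
            return false;
        }
        foreach ($this->trustedProxies as $range) {
            $parts = explode('/', $range, 2);
            $net = @inet_pton($parts[0]);
            if ($net === false || strlen($net) !== strlen($addr)) {
                continue; // unparsable entry, or IPv4 versus IPv6
            }
            $max = strlen($net) * 8;
            $bits = isset($parts[1]) ? $parts[1] : (string)$max;
            if (!ctype_digit($bits) || (int)$bits > $max) {
                continue; // malformed prefix: skip instead of matching everything
            }
            $full = (int)$bits >> 3; // whole bytes covered by the prefix
            $rest = (int)$bits & 7;  // bits left over in the following byte
            $mask = (0xFF << (8 - $rest)) & 0xFF;
            if (substr($addr, 0, $full) === substr($net, 0, $full)
                && ($rest === 0 || (ord($addr[$full]) & $mask) === (ord($net[$full]) & $mask))) {
                return true;
            }
        }
        return false;
    }
}
```

Because a cache sits between the proxy and the web server in the setup described here, REMOTE_ADDR will be the cache's address, so that is the host to list. The front proxy should also overwrite any X-Forwarded-Proto value supplied by the client.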

#4 Maurizio Domba Cerin (Yii Dev Team)

Posted 08 February 2013 - 07:58 AM

NOTE: moved to proper section (Tips, Snippets and Tutorials instead of Bug Discussion)

#5 Da:Sourcerer

Posted 08 February 2013 - 08:10 AM

What is your actual webserver running? In Apache, you can do pretty much the same thing with SetEnvIf.
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code

#6 le_top

Posted 08 February 2013 - 08:20 AM

Hi
The Yii application is interpreted in PHP through the Apache server; in another setup it is interpreted in PHP through a lighttpd server.

The latter does not support the .htaccess configuration.

So basically we have three solutions now:
1. Extend the CHttpRequest class;
2. Hack the $_SERVER['HTTPS'] value in 'index.php';
3. Hack the $_SERVER['HTTPS'] value in '.htaccess' or other web server setup.

I'll stick with the first solution.

Thanks

Mario

#7 Da:Sourcerer

Posted 08 February 2013 - 08:27 AM

Uhm, well .... Lighty does support setting additional environmental variables for (fast)cgi, so lacking .htaccess support wouldn't be a problem.

#8 le_top

Posted 08 February 2013 - 08:33 AM

Sure, the configurability of lighttpd is one of the reasons why it is used as an entry point to the server.
On that account it looks like the current HTTPS detection of Yii is not intrinsically compatible with lighttpd and that it requires the hack in the lighttpd configuration:

http://redmine.light...etection-in-PHP

#9 Da:Sourcerer

Posted 08 February 2013 - 08:42 AM

le_top, on 08 February 2013 - 08:33 AM, said:

it looks like the current HTTPS detection of Yii is not intrinsically compatible with lighttpd

Perhaps you should know that the HTTPS variable is really a de-facto standard set in place by Apache. There's little Yii can do about that.