recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Update Preamble documentation for clusters with mixed request sources and loadbalancer chains

Summary:
Fixes T11487. Improve documentation for three situations:

- When you configure a cluster behind a load balancer, all requests are trusted but not all have an "X-Forwarded-For" header. Change the suggested snippet to read this header only if it exists.
- When a request goes through a series of load balancers (as with a CDN) they can end up writing a list of IPs to the header. Parse these.
- Remove the "rate limiting" stuff -- this got disabled/removed a long time ago and is misleading/incorrect.

Test Plan: Read documentation.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11487

Differential Revision: https://secure.phabricator.com/D16403

epriestley a35b03ac 05f72273

+41 -44
+41 -44
src/docs/user/configuration/configuring_preamble.diviner
··· 4 4 Adjust environmental settings (SSL, remote IP, rate limiting) using a preamble 5 5 script. 6 6 7 - = Overview = 7 + Overview 8 + ======== 8 9 9 10 If Phabricator is deployed in an environment where HTTP headers behave oddly 10 11 (usually, because it is behind a load balancer), it may not be able to detect ··· 37 38 request, allowing you to adjust the environment. For common adjustments and 38 39 examples, see the next sections. 39 40 40 - = Adjusting Client IPs = 41 + Adjusting Client IPs 42 + ==================== 41 43 42 44 If your install is behind a load balancer, Phabricator may incorrectly detect 43 - all requests as originating from the load balancer, rather than from the correct 44 - client IPs. If this is the case and some other header (like `X-Forwarded-For`) 45 - is known to be trustworthy, you can overwrite the `REMOTE_ADDR` setting so 46 - Phabricator can figure out the client IP correctly: 45 + all requests as originating from the load balancer, rather than from the 46 + correct client IPs. 47 + 48 + If this is the case and some other header (like `X-Forwarded-For`) is known to 49 + be trustworthy, you can read the header and overwrite the `REMOTE_ADDR` value 50 + so Phabricator can figure out the client IP correctly. 51 + 52 + You should do this //only// if the `X-Forwarded-For` header is known to be 53 + trustworthy. In particular, if users can make requests to the web server 54 + directly, they can provide an arbitrary `X-Forwarded-For` header, and thereby 55 + spoof an arbitrary client IP. 56 + 57 + The `X-Forwarded-For` header may also contain a list of addresses if a request 58 + has been forwarded through multiple loadbalancers. Using a snippet like this 59 + will usually handle most situations correctly: 47 60 48 61 ``` 49 62 name=Overwrite REMOTE_ADDR with X-Forwarded-For 50 63 <?php 51 64 52 - $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; 65 + // Overwrite REMOTE_ADDR with the value in the "X-Forwarded-For" HTTP header. 66 + 67 + // Only do this if you're certain the request is coming from a loadbalancer! 68 + // If the request came directly from a client, doing this will allow them to 69 + // them spoof any remote address. 70 + 71 + // The header may contain a list of IPs, like "1.2.3.4, 4.5.6.7", if the 72 + // request the load balancer received also had this header. 73 + 74 + if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { 75 + $forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR']; 76 + if ($forwarded_for) { 77 + $forwarded_for = explode(',', $forwarded_for); 78 + $forwarded_for = end($forwarded_for); 79 + $forwarded_for = trim($forwarded_for); 80 + $_SERVER['REMOTE_ADDR'] = $forwarded_for; 81 + } 82 + } 53 83 ``` 54 84 55 - You should do this //only// if the `X-Forwarded-For` header is always 56 - trustworthy. In particular, if users can make requests to the web server 57 - directly, they can provide an arbitrary `X-Forwarded-For` header, and thereby 58 - spoof an arbitrary client IP. 59 - 60 - = Adjusting SSL = 85 + Adjusting SSL 86 + ============= 61 87 62 88 If your install is behind an SSL terminating load balancer, Phabricator may 63 89 detect requests as HTTP when the client sees them as HTTPS. This can cause ··· 76 102 You can also set this value to `false` to explicitly tell Phabricator that a 77 103 request is not an SSL request. 78 104 79 - = Adjusting Rate Limiting = 80 - 81 - Phabricator performs coarse, IP-based rate limiting by default. In most 82 - situations the default settings should be reasonable: they are set fairly high, 83 - and intended to prevent only significantly abusive behavior. 84 - 85 - However, if legitimate traffic is being rate limited (or you want to make the 86 - limits more strict) you can adjust the limits in the preamble script. 87 - 88 - ``` 89 - name=Adjust Rate Limiting Behavior 90 - <?php 91 105 92 - // The default is 1000, so a value of 2000 increases the limit by a factor 93 - // of 2: users will be able to make twice as many requests before being 94 - // rate limited. 95 - 96 - // You can set the limit to 0 to disable rate limiting. 97 - 98 - PhabricatorStartup::setMaximumRate(2000); 99 - ``` 100 - 101 - By examining `$_SERVER['REMOTE_ADDR']` or similar parameters, you could also 102 - adjust the rate limit dynamically: for example, remove it for requests from an 103 - internal network, but impose a strict limit for external requests. 104 - 105 - Rate limiting needs to be configured in this way in order to make it as cheap as 106 - possible to activate after a client is rate limited. The limiting checks execute 107 - before any libraries or configuration are loaded, and can emit a response within 108 - a few milliseconds. 109 - 110 - = Next Steps = 106 + Next Steps 107 + ========== 111 108 112 109 Continue by: 113 110