Revision 9690f3ae
Added by Ewoud Kohl van Wijngaarden over 2 years ago
| test/fixtures/settings.yml | ||
|---|---|---|
|
category: Setting
|
||
|
default: "true"
|
||
|
description: "Only known Smart Proxies may access features that use Smart Proxy authentication"
|
||
|
attribute28:
|
||
|
name: require_ssl_smart_proxies
|
||
|
category: Setting
|
||
|
default: "true"
|
||
|
description: "Client SSL certificates are used to identify Smart Proxies (:require_ssl should also be enabled)"
|
||
|
attribute29:
|
||
|
name: ssl_client_dn_env
|
||
|
category: Setting
|
||
Also available in: Unified diff
Fixes #34236 - Drop require_ssl_smart_proxies setting
This defaults to true and setting it to false can create security
problems. Mandating client SSL certificates creates a more secure
environment.
Previously when require_ssl_smart_proxies was false, reverse DNS was
used. This code is dropped as it is insecure. Requests are now denied.