Comments (5)
AshleyPinner
commented on May 22, 2024
3
Can I pop in a suggestion to let the system variable you look in for the IP be configurable? In our setup, since we're behind load balancers (with re-negotiated SSL), REMOTE_ADDR is the LB address. Thus in your setup, the IP address would have no variation between users.
from snuffleupagus.
blotus
commented on May 22, 2024
I'm not sure that using the SSL_SESSION_ID is a good idea :
- It is transient, if the server or the client reboots, it's gone (but the same thing can be said about an IP address)
- If the application is hosted behind a reverse proxy, all clients will share the same
SSL_SESSION_IDas the ssl connection is negotiated between the RP and the web server - What about websites that don't use SSL ? (i know it's 2017, but i'll bet that the websites that need snuffleupagus the most don't use SSL)
from snuffleupagus.
jvoisin
commented on May 22, 2024
People are less likely to reset their TLS session than to move to an other IP thanks to roaming. For the reverse-proxy, we do have the same issue with our current IP-based approach: the server will see the IP of the RP, except if the users configures it properly, leading to point 3: we can always fallback to using our current solution :)
from snuffleupagus.
blotus
commented on May 22, 2024
Except it is way easier to setup mod_rpaf so that the server will see the client IP than trying to forward the SSL_SESSION_ID :)
from snuffleupagus.
jvoisin
commented on May 22, 2024
This is done in 377cb2a
Thank everyone for the suggestions ♥
from snuffleupagus.
Related Issues (20)
- readonly_exec + phar archives seems to not work
- Rule parsing crash HOT 1
- PHP 8.2 support HOT 4
- snuffleupagus.ini is installed to PHP 8.1 folder on 8.2 system
- .deb doesn't ship PHP8 rules HOT 1
- undefined symbol: PHP_SHA256Init HOT 6
- PHP 8.3 compatibility HOT 3
- XXE and Nextcloud HOT 2
- none-standard symbols brake executions of rules HOT 2
- upgrading from older versions to latest HOT 1
- Snuffleupagus did;nt work as expected HOT 3
- Snuffleupagus for php 7.4 latest HOT 2
- Clarify `match` comparisson for filters
- Support filter `param` multiple times HOT 3
- SP doesn't work with phar files
- Snuffleupagus 0.10.0 when loaded via Apache only applies ruleset when it has no comments HOT 9
- V10 debian packages missing HOT 3
- PHP-FPM 8.3 child exited with code 70 HOT 3
- Patchstack Wordpress Vulnerability DB HOT 1
- Snuffleupagus associated with high CPU load HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from snuffleupagus.