Moodle

mnet can't set up a peer when a proxy is in use.

Details

  • Type: Improvement
  • Status: Reopened
  • Priority: Major
  • Resolution: Unresolved
  • Affects Version/s: 1.9, 2.0
  • Fix Version/s: 2.0.8
  • Component/s: MNet
  • Labels:
    None
  • Affected Branches:
    MOODLE_19_STABLE, MOODLE_20_STABLE
  • Fixed Branches:
    MOODLE_20_STABLE

Description

The mnet code doesn't contain any checks for proxies. This is actually fairly easy to fix, as curl through a proxy is used (and proven) in other places. It only requires the routine that scrapes the site title to use download_file_content() - which just works - and to modify the curl call that gets the SSO key to check for proxies - mainly by taking the code from the former function.

Activity

Howard Miller added a comment -

Should now be able to establish link with peer through a HTTP proxy. Mostly uses existing (hence tested hopefully) functions and code snippets.

Dan Poltawski added a comment -

Hi Howard,

I am just wondering if this works?

My vague memory was that the mnet handshaking would check that the incoming request comes from the same IP address as DNS resolves the host to. So using a proxy would cause that check to fail? (But also, if you are using a proxy and can't get out directly, how does the mnet peer verify who you are and chat back to you?)

Howard Miller added a comment -

A very good point that I had not considered. However, it works perfectly from behind my Squid firewall. I can now connect to either Moodle or Mahara and I couldn't before. I'll have a bit more of a think about it, and see if I can justify why it works though.

Howard Miller added a comment -

Just checking - both Moodle sites report the IP address of the peer machine as its actual IP address. The presence of the proxy doesn't seem to make any difference. I haven't checked the exact operation, but I guess that if the xmlrpc packet simply contains the originating host name then the IP still resolves correctly and it all works. As long as the path to "get back" is established (proxy or no) then you have a connection. I suppose this means that it doesn't check what the IP was that the request came from!

Petr Škoda (skodak) added a comment -

Please consider reverting this in MOODLE_19_STABLE - see MDL-14659

Howard Miller added a comment -

This fix could cause problems, without resolving MDL-14659 so that proxies can be excluded for (typically) local addresses.

Howard Miller added a comment -

Changes reverted in 1.9. Will leave in HEAD and continue to resolve MDL-14659.

Howard Miller added a comment -

Fixed in HEAD only. MNET now uses Proxy settings if specified, but you can bypass it for specified domains if you so wish.

Howard Miller added a comment -

Doesn't consider mnet/xmlrpc/client.php and server.php. This worked for me without. I wonder why.

This really needs that curl code to be put in the library, as the proxy code will be duplicated again and again.
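A single shared helper of the kind the comment above asks for, with the bypass list for specified domains mentioned earlier in the thread, written as an added example that is not part of the thread and is not Moodle's own code. The function names, the `$proxy` array keys and the host names are hypothetical.

```php
<?php
// Added illustration: names and the settings array are assumptions, not Moodle's API.

/**
 * Decide whether $host should skip the proxy.
 * $bypass is a comma-separated list of hosts or domain suffixes.
 */
function example_proxy_bypassed(string $host, string $bypass): bool {
    $host = strtolower(rtrim($host, '.'));
    foreach (explode(',', $bypass) as $entry) {
        $entry = ltrim(strtolower(trim($entry)), '.');
        if ($entry === '') {
            continue;
        }
        // Exact match, or suffix match on a label boundary, so that
        // "example.test" never matches "notexample.test".
        $suffix = '.' . $entry;
        if ($host === $entry || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

/**
 * Create a cURL handle for $url with the proxy decision made in one place,
 * so every caller (title scrape, key exchange, XML-RPC) behaves the same.
 */
function example_curl_init(string $url, array $proxy) {
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    $host = (string) parse_url($url, PHP_URL_HOST);
    if (!empty($proxy['host']) && !example_proxy_bypassed($host, $proxy['bypass'] ?? '')) {
        curl_setopt($ch, CURLOPT_PROXY, $proxy['host']);
        if (!empty($proxy['port'])) {
            curl_setopt($ch, CURLOPT_PROXYPORT, (int) $proxy['port']);
        }
        if (!empty($proxy['user'])) {
            curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy['user'] . ':' . ($proxy['pass'] ?? ''));
        }
    }
    return $ch;
}

// Constructed sample settings and peers.
$proxy = ['host' => 'proxy.example.test', 'port' => 3128, 'bypass' => 'localhost, .intranet.example.test'];
var_dump(example_proxy_bypassed('moodle.intranet.example.test', $proxy['bypass'])); // internal peer
var_dump(example_proxy_bypassed('mahara.example.org', $proxy['bypass']));           // external peer
curl_close(example_curl_init('https://mahara.example.org/', $proxy));
```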

Penny Leach added a comment -

Howard is this fixed?

Howard Miller added a comment -

Hi Penny,

My recollection is that this needs some proper testing still. I'm happy to work on it but I won't have any time for (maybe) a few weeks.

Howard

Penny Leach added a comment -

ping?

Howard Miller added a comment -

Pung, but moving house this week. Soon!!! Need longer days and less need for sleep

Penny Leach added a comment -

ping again!

(sorry to nag but it's my last moodle hq mnet week)

Martin Dougiamas added a comment -

Can I close this?

Penny Leach added a comment -

Martin I think not - the comment from Howard which says:

>> Doesn't consider mnet/xmlrpc/client.php and server.php. This worked for me without. I wonder why.

Makes me think it probably shouldn't be closed, and needs further testing.

Howard Miller added a comment -

Unless you/we are convinced this works correctly I would note that I never tested this exhaustively with all the possible combinations of inside/outside a proxy.

Yes I know I should have done - hours/day issues again.
