[#MDL-14659] Cannot exclude domains or IP ranges from HTTP Proxy

Moodle

Cannot exclude domains or IP ranges from HTTP Proxy

Created: 02/May/08 06:40 PM Updated: 12/May/08 04:24 PM

Component/s:

Administration

Affects Version/s:

1.9, 2.0

Fix Version/s:

2.0

Issue Links:

Blockers

This issue blocks:

MDL-14624 mnet can't setup a peer when a proxy is in use.

Participants:	Eloy Lafuente (stronk7), Howard Miller and Petr Škoda
Security Level:	None

Description

« Hide

It would be really useful to be able to exclude ranges of IP addresses and/or domain suffixes from the proxy where a proxy has been set up. It's quite likely that you might want to access sites outside your organisation (needing a proxy) but also to access sites within (not needing the proxy). This would increase performance and reliability.

It would probably just look the same as the similar option in browsers. A small library function could check for proxy use based on the required URL and a match against the values in the list.

All

Comments

Change History

Version Control

Sort Order:

Ascending order - Click to sort in descending order

[ Permlink | « Hide ]

Eloy Lafuente (stronk7) - 05/May/08 05:48 AM

Good idea. Assigning this to Petr... thanks!

[ Permlink | « Hide ]

Petr Škoda - 05/May/08 06:11 AM

sorry, I do not understand this part "from the proxy where a proxy has been set up".
Are you talking about Moodle server behind a proxy? Or people accessing internet server from behind a proxy?

Also I do not understand why any restrictions of this kind would be "really useful"? Do you mean secure?

I always thought that firewalls with DMZs are easier to set up and more secure.

[ Permlink | « Hide ]

Eloy Lafuente (stronk7) - 05/May/08 08:40 AM

I guess Howard is talking about Moodle (the program) accessing to information stored in other computers (could be other mnet hosts, or webservices or filelib... ) any piece of code currently supporting $CFG->proxyhost.

The key is that not all those outgoing connections must be performed using the proxy (other intranet hosts, for example, need to be accessed without the proxy), and that's what Howard is proposing, if I'm not wrong.

Ciao :-)

[ Permlink | « Hide ]

Howard Miller - 05/May/08 02:42 PM

Yes, Eloy is spot on - sorry if I wasn't clear.

Without being able to make exceptions *every* HTTP call that Moodle makes *out* will have to go through the proxy.

PS. Happy to produce some code for this for review. Of course, it means hooks all over the place.

[ Permlink | « Hide ]

Petr Škoda - 05/May/08 03:01 PM

Oh I see, now that mnet peers always go through proxy MDL-14624 it is a regression for people that have peers in one net behind the proxy :-(
It might be better to revert MDL-14624 now in STABLE and work on this more in head.

[ Permlink | « Hide ]

Howard Miller - 05/May/08 03:15 PM

Yes - that was my worry too with MDL-14624. I think I agree - I'll back that out of stable, and fix the whole thing properly in HEAD.

[ Permlink | « Hide ]

Howard Miller - 06/May/08 11:05 PM

Changes added to HEAD. AFAIK, this only seems to effect lib/filelib.php and mnet/lib.php. I couldn't see anything else that did outgoing HTTP requests. If anybody knows different, please let me know and I'll add them.

[ Permlink | « Hide ]

Howard Miller - 12/May/08 04:24 PM

This functionality is now in HEAD. Please reopen if I missed anything.