#7664 closed enhancement (fixed)
[PATCH] Disable check_auth_ip by default
Reported by: | | Owned by: | Remy Blank |
---|---|---|---|
Priority: | normal | Milestone: | 0.11.2 |
Component: | general | Version: | |
Severity: | normal | Keywords: | |
Cc: | | Branch: | |
Release Notes: | | | |
API Changes: | | | |
Internal Changes: | | | |
Description
The `check_auth_ip` option (currently enabled by default) breaks a large number of legitimate network configurations. I am from South Africa, for example, which uses a national caching HTTP proxy layer with no single client IP address, so most people in the country cannot log into a Trac instance that leaves this option at its default (i.e., most of them). Caching proxies everywhere are similarly affected, as well as multi-homing setups, NAT routers, and everything else that invalidates the presumption that a user agent corresponds to an IP address.
That said, there are specific deployments where this option can be usefully turned on, but the administrator will know when it is safe to turn on: for the general internet, I don't think Trac should default to breaking valid clients.
The attached patch changes the default value for `check_auth_ip` to `false`, and adjusts the unit test accordingly.
Attachments (1)
Change History (5)
follow-up: 2 comment:1 by , 16 years ago
Milestone: | → 0.11.3 |
---|---|
Owner: | set to |
by , 16 years ago
Attachment: | check_auth_ip-nodefault.patch added |
---|---|
Change the check_auth_ip option's default value from true to false.
comment:2 by , 16 years ago
> (The patch is missing, but I guess it's pretty obvious what it should look like.)

Sorry, I must have botched the attachment during submission. Patch now attached. :)

> I'm not sure about this. Is `check_auth_ip = false` a security issue? The option was introduced in [1361] to allow disabling the IP check, see #507.

Any security provided by this check is largely false: the same thing that makes it break valid clients also makes it miss actual attackers. There is not a one-to-one correspondence between HTTP user agents and IP addresses.
This check could conceivably be useful for specialized Trac installations with controlled client bases (for example, corporate settings), but it should be explicitly enabled: for general, Internet-facing contexts, it is a Really Bad Idea, and should never be done.
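To make the trade-off argued in this comment concrete, here is an added model of an IP-bound login cookie (an illustration written for this page, not Trac's own code; the `AuthCookieStore` class, the scenario functions and the 198.51.100.x addresses are made up). It shows a legitimate user behind a rotating proxy egress being rejected once the check is on, while a second client on the same egress address is not distinguished by the check at all.

```python
import secrets

# Minimal model of an IP-bound login cookie (added illustration, not Trac's code).
# A login issues a cookie and records the client address it was issued to; every
# later request presents the cookie from whatever address the client now has.

class AuthCookieStore:
    """Maps cookie value -> (username, ip_at_login)."""
    def __init__(self):
        self._cookies = {}

    def login(self, username, remote_addr):
        token = secrets.token_hex(16)
        self._cookies[token] = (username, remote_addr)
        return token

    def authenticate(self, token, remote_addr, check_auth_ip):
        """Return the username for an accepted cookie, or None if rejected."""
        entry = self._cookies.get(token)
        if entry is None:
            return None
        username, login_addr = entry
        if check_auth_ip and remote_addr != login_addr:
            return None  # cookie arrived from an address other than the login one
        return username


# Constructed scenario 1: one legitimate user whose requests leave a caching
# proxy layer through several egress addresses (addresses are made up).
PROXY_EGRESS = ["198.51.100.10", "198.51.100.11", "198.51.100.12"]

def legitimate_user_behind_proxy(check_auth_ip):
    """Per-request outcome for a user whose visible source IP rotates."""
    store = AuthCookieStore()
    cookie = store.login("alice", PROXY_EGRESS[0])
    return [store.authenticate(cookie, ip, check_auth_ip) for ip in PROXY_EGRESS]


# Constructed scenario 2: the same cookie presented by a different client that
# shares the egress address recorded at login, so the IP check cannot tell them apart.
def second_client_same_egress(check_auth_ip):
    store = AuthCookieStore()
    cookie = store.login("alice", PROXY_EGRESS[0])
    return store.authenticate(cookie, PROXY_EGRESS[0], check_auth_ip)
```

With the check enabled the legitimate user is accepted only on the first egress address, while the second client on the shared address is accepted either way.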
follow-up: 4 comment:3 by , 16 years ago
Milestone: | 0.11.3 → 0.11.2 |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Patch applied in [7613]. Thanks!