[Catalyst] Setting $c->req->{base}
Andy Grundman
andy at hybridized.org
Tue Sep 20 05:28:41 CEST 2005
Alessio Bragadini wrote:
> Hi all,
> I am stumbling on a problem with my Catalyst setup, and maybe I am
> overlooking something obvious. I have a dual-server setup using Apache,
> a frontend server on port 80 with mod_proxy/mod_rewrite and a backend
> server on port 8080 with mod_perl. In the production environment they
> will also be on different machines (this is a fairly common setup).
>
> However, $c->req->{base} gets set automatically in
> Catalyst::Engine::HTTP::Base::prepare_path to
> http://backend.machine:8080/ instead of the path I want to show to the
> users. This ends up in templates if I use [% base %] but unfortunately
> also in cookies and self-referencing URLs.
>
> I don't see any obvious way to fix this, and especially I cannot easily
> figure out at which point of the request cycle it would be better to
> act. Any help, or directions for a possible plugin, would be much
> appreciated.
>
I've added support for this to the refactored branch [1]. I'll look
into backporting it to trunk in case we do a 5.34 release.
The logic is thus:
if REMOTE_ADDR is 127.0.0.1:
# get most recent proxied IP from HTTP_X_FORWARDED_FOR
$c->request->address( $ip );
if server host is localhost or 127.0.0.1:
$host = HTTP_X_FORWARDED_HOST
# this will become $c->request->base
This also prevents anyone from spoofing the base or user address as
these requests must come from a local frontend proxy to be trusted.
Unfortunately, if you are running a backend server on another machine,
I'm not sure of the correct solution to keep it secure. Any ideas?
[1] http://dev.catalyst.perl.org/changeset/1158
-Andy
More information about the Catalyst
mailing list