@andremartin opened this Issue on October 9th 2021

Expected Behavior

Correct URL generation (for assets) when running Matomo behind a reverse proxy on a sub path.

Current Behavior

Incorrect URL generation, since some reverse proxies such as Traefik provide the URI using HTTP_X_FORWARDED_PREFIX rather than HTTP_X_FORWARDED_URI.

Possible Solution

Extend the URL generation to also consider HTTP_X_FORWARDED_PREFIX if set in addition to HTTP_X_FORWARDED_URI as shown here:
https://github.com/andremartin/matomo/commit/e1322be0f3f3b73ad041733e17c99c312f3b3635

Context

Your Environment

  • Matomo Version: 4.5.0
  • PHP Version: 7.3
  • Server Operating System: Ubuntu
  • Additionally installed plugins:
  • Browser: Chrome
  • Operating System: Ubuntu

@tsteur commented on October 11th 2021 Member

Thanks for reporting this, @andremartin. I wonder if we should maybe also support different flags, like when proxy_uri_header=1 (for backwards compatibility) still use HTTP_X_FORWARDED_URI.

Then we also allow configuring HTTP_X_FORWARDED_PREFIX as a value like

proxy_uri_header="HTTP_X_FORWARDED_PREFIX"
proxy_uri_header="HTTP_X_FORWARDED_URI"
proxy_uri_header="..."

Basically, when it's non numeric then we assume a user configured the name of the header.

I just mean this approach would be slightly more secure in that the host header cannot simply be set by anyone. By only allowing a specific header, e.g., the user could make sure to not allow this header to be overwritten, etc.

@tsteur commented on October 11th 2021 Member

@andremartin btw feel free to create a PR for this and we'll review 👍
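
The configuration scheme proposed in the comments above, sketched as an added example (it is not code from Matomo or from the linked commit): a numeric proxy_uri_header keeps the HTTP_X_FORWARDED_URI behaviour, a non-numeric value names the single header to trust, and every other forwarded header is ignored. The function names, the checks on the header name and value, and the treatment of the value as a plain path prefix are assumptions made for the illustration.

```php
<?php
// Added illustration, not Matomo code. Function names are hypothetical.

/**
 * Map the proxy_uri_header setting to the single $_SERVER key to trust.
 * Numeric 1 keeps the old behaviour; a non-numeric value names the header.
 */
function resolveProxyUriHeader($setting): ?string
{
    if ($setting === null || $setting === '' || $setting === false) {
        return null;
    }
    if (is_numeric($setting)) {
        return ((int) $setting === 1) ? 'HTTP_X_FORWARDED_URI' : null;
    }
    // Accept only names shaped like CGI request-header keys (assumed rule).
    return preg_match('/^HTTP_[A-Z0-9_]+$/', $setting) === 1 ? $setting : null;
}

/**
 * Read the path prefix from the one configured header and nothing else.
 */
function proxyPathPrefix($setting, array $server): string
{
    $key = resolveProxyUriHeader($setting);
    if ($key === null || !isset($server[$key]) || !is_string($server[$key])) {
        return '';
    }
    $value = $server[$key];
    // Assumed hardening: a prefix is a plain absolute path, so reject
    // anything that could turn generated asset URLs into another origin.
    if (preg_match('#^/[A-Za-z0-9._~/-]*$#', $value) !== 1 || strpos($value, '//') !== false) {
        return '';
    }
    return rtrim($value, '/');
}

// Constructed sample: the proxy sets PREFIX; the request also carries a URI header.
$server = [
    'HTTP_X_FORWARDED_PREFIX' => '/analytics',
    'HTTP_X_FORWARDED_URI'    => '//other.example/x',
];

var_dump(proxyPathPrefix('HTTP_X_FORWARDED_PREFIX', $server)); // only the configured header is read
var_dump(proxyPathPrefix(1, $server));                         // legacy header selected, value fails validation
var_dump(proxyPathPrefix(0, $server));                         // feature disabled, no header is read
```

The restriction only helps if the reverse proxy overwrites or strips the configured header on every inbound request, so that a client-supplied copy never reaches PHP.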
