EZP-31804: [Docker] Added fixed IP to varnish container to workaround…

… TRUSTED_PROXIES setting (#592) * Changed purge_type to varnish from http Co-authored-by: André R. <[email protected]> * [Docker] Set SYMFONY_TRUSTED_PROXIES to trust all IP addresses Co-authored-by: André R. <[email protected]>
ezsystems · Oct 26, 2020 · 681cc95 · 681cc95
1 parent 1942b33
commit 681cc95
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/doc/docker/varnish.yml b/doc/docker/varnish.yml
@@ -9,9 +9,11 @@ services:
   app:
     environment:
      - SYMFONY_HTTP_CACHE=0
-     - SYMFONY_TRUSTED_PROXIES=varnish
+     # Never do this in production if the app container is accesible for the public as well
+     # See https://ezplatform.com/security-advisories/ezsa-2020-002-unauthorised-cache-purge-with-misconfigured-fastly for more details how it could be abused
+     - SYMFONY_TRUSTED_PROXIES=TRUST_REMOTE 
      - HTTPCACHE_PURGE_SERVER=http://varnish
-     - HTTPCACHE_PURGE_TYPE=http
+     - HTTPCACHE_PURGE_TYPE=varnish
 
   varnish:
     build: