diversionmary - Ballpoint drawings

more drawings facebook cargo collective

april 2015

sun	mon	tue	wed	thu	fri	sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

« August 2014 | Main | September 2015 »

April 28, 2015

vTiger non-standard port forward ssl/https 'illegal request'

Using vTiger, if you change the port Apache uses for SSL from 443 to a non-standard port such as 999, it will error out with 'Illegal Request' based on an incorrect referrer.

To modify the validation vTiger uses, edit line 209 of includes/http/Request.php to add a check for SERVER_PORT.

Before:
protected function validateReferer() {
$user= vglobal('current_user');
// Referer check if present
if (isset($_SERVER['HTTP_REFERER'])) && $user) {//Check for user post authentication.
global $site_URL;
if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) && ($this->get('module') != 'Install')) {
throw new Exception('Illegal request');
}
}
return true;
}

After:
protected function validateReferer() {
$user= vglobal('current_user');
// Referer check if present - add port check
if (isset($_SERVER['HTTP_REFERER']) && isset($_SERVER['SERVER_PORT']) && $user) {//Check for user post authentication.
global $site_URL;
if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) && (stripos($_SERVER['SERVER_PORT'], '999') !==0) && ($this->get('module') != 'Install')) {
throw new Exception('Illegal request');
}
}
return true;
}

crit?: 0